Data Governance Broker Documentation Index

Permitted Scope

Note: this component stores cluster-wide configuration data and is mirrored across all servers in the topology within the same cluster.

Note: changes to cluster-wide configuration objects are immediately and automatically mirrored across all servers within the same cluster, so offline changes are not supported.

A Permitted Scope object is used to establish the association between an OAuth2 Client and an OAuth2 Scope.

Relations from This Component

The following components have a direct aggregation relation from Permitted Scopes:

Relations to This Component

The following components have a direct composition relation to Permitted Scopes:

Properties

The properties supported by this managed object are as follows:


Basic Properties: scope, optional, consent-required, required-acr
Advanced Properties: None

Basic Properties

scope (Read-Only)

Description
Specifies the scope referenced by this Permitted Scope.
Default Value
None
Allowed Values
The DN of any OAuth2 Scope.
Multi-Valued
No
Required
Yes
Admin Action Required
None. Modification requires no further action.

optional

Description
Whether granting this scope is optional for issuing an access token for the OAuth2 Client.
Default Value
false
Allowed Values
true
false
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action.

consent-required

Description
Whether user consent is required in order to grant this scope to the OAuth2 Client.
Default Value
true
Allowed Values
true
false
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action.

required-acr

Description
Specifies an Authentication Context Class whose requirements must be met for this scope to be granted to the OAuth2 Client.
Default Value
If undefined, then there are no specific authentication requirements for granting this scope to the OAuth2 Client.
Allowed Values
The DN of any Authentication Context Class.
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action.


dsconfig Usage

To list the configured Permitted Scopes:

dsconfig list-permitted-scopes
     [--property {propertyName}] ...

To view the configuration for an existing Permitted Scope:

dsconfig get-permitted-scope-prop
     --scope-name {name}
     --client-name {name}
     [--tab-delimited]
     [--script-friendly]
     [--property {propertyName}] ...

To update the configuration for an existing Permitted Scope:

dsconfig set-permitted-scope-prop
     --scope-name {name}
     --client-name {name}
     (--set|--add|--remove) {propertyName}:{propertyValue}
     [(--set|--add|--remove) {propertyName}:{propertyValue}] ...

To create a new Permitted Scope:

dsconfig create-permitted-scope
     --scope-name {name}
     --client-name {name}
     [--set {propertyName}:{propertyValue}] ...

To delete an existing Permitted Scope:

dsconfig delete-permitted-scope
     --scope-name {name}
     --client-name {name}
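
The following is an added example, not part of the product documentation: a POSIX shell pre-flight helper that checks property names and values against the property table above (scope is read-only, optional and consent-required accept only true or false) and prints the matching set-permitted-scope-prop command without running it. The helper names check_prop and build_set_cmd are hypothetical, and the client and scope names are constructed placeholders.

```shell
#!/bin/sh
# Added example: prints a validated command line; it never contacts a server.

# check_prop NAME VALUE: succeed only for pairs the property table allows.
check_prop() {
  case "$1" in
    scope)
      echo "scope is read-only and cannot be modified" >&2; return 1 ;;
    optional|consent-required)
      case "$2" in
        true|false) return 0 ;;
      esac
      echo "$1 must be true or false, got '$2'" >&2; return 1 ;;
    required-acr)
      [ -n "$2" ] && return 0
      echo "required-acr needs an Authentication Context Class" >&2; return 1 ;;
    *)
      echo "unknown Permitted Scope property: $1" >&2; return 1 ;;
  esac
}

# build_set_cmd CLIENT SCOPE NAME:VALUE...: print one dsconfig command line.
build_set_cmd() {
  client=$1; scope=$2
  [ $# -ge 3 ] && [ -n "$client" ] && [ -n "$scope" ] || {
    echo "usage: build_set_cmd CLIENT SCOPE NAME:VALUE..." >&2; return 2; }
  shift 2
  # Values are emitted inside single quotes, so refuse embedded single quotes.
  case "$client$scope$*" in
    *"'"*) echo "single quotes are not supported" >&2; return 1 ;;
  esac
  cmd="dsconfig set-permitted-scope-prop --scope-name '$scope' --client-name '$client'"
  for pair in "$@"; do
    name=${pair%%:*}; value=${pair#*:}
    [ "$name" != "$pair" ] || { echo "expected NAME:VALUE, got '$pair'" >&2; return 1; }
    check_prop "$name" "$value" || return 1
    cmd="$cmd --set '$name:$value'"
  done
  printf '%s\n' "$cmd"
}

# Constructed client and scope names, for illustration only.
build_set_cmd "example-client" "example-scope" consent-required:true optional:false
```

Reviewing the printed command before running it gives a second check on changes that relax consent-required or optional for a client.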