Note: this component stores cluster-wide configuration data and is mirrored across all servers in the topology within the same cluster.
Note: changes to cluster-wide configuration objects are immediately and automatically mirrored across all servers within the same cluster, so offline changes are not supported.
A SCIM Token Resource Lookup Method uses a SCIM search to look up the end-user account that is associated with an access token provided to authorize a resource request.
The SCIM Token Resource Lookup Method component inherits from the Token Resource Lookup Method.
The following components have a direct aggregation relation from SCIM Token Resource Lookup Methods:
The properties supported by this managed object are as follows:
Basic Properties: | Advanced Properties: |
---|---|
description | None |
evaluation-order-index | |
scim-resource-type | |
match-filter | |
description
Description | A description for this Token Resource Lookup Method |
Default Value | None |
Allowed Values | A string |
Multi-Valued | No |
Required | No |
Admin Action Required | None. Modification requires no further action |
evaluation-order-index
Description | When multiple Token Resource Lookup Methods are defined for a single Access Token Validator, this property determines the order in which the lookup queries are executed. Values of this property must be unique among all Token Resource Lookup Methods defined for a single Access Token Validator but not necessarily contiguous. Token Resource Lookup Methods with a smaller value will be evaluated first to determine if they are able to locate the end-user resource. |
Default Value | None |
Allowed Values | An integer value. Lower limit is 0. |
Multi-Valued | No |
Required | Yes |
Admin Action Required | None. Modification requires no further action |
scim-resource-type
Description | The SCIM Resource Type that the SCIM Token Resource Lookup Method will use to look up the access token owner. |
Default Value | None |
Allowed Values | The DN of any SCIM Resource Type. The associated SCIM Resource Type must exist and must be enabled. |
Multi-Valued | No |
Required | Yes |
Admin Action Required | None. Modification requires no further action |
match-filter
Description | Specifies the SCIM search filter that should be used when looking up the access token owner. The filter pattern may include one or more variables that refer to properties (e.g. claims) that are present in the access token. Each such variable is identified by surrounding the claim name with percent signs inside double quotes ("%...%"). For example, the search filter 'userName eq "%sub%" and organization eq "%org%"' will substitute "%sub%" and "%org%" with the values of the "sub" and "org" access token claims respectively. In lieu of using a literal subject claim name such as "sub", the special value "_subject_claim_name" may be used to refer to the value of the Access Token Validator's subject-claim-name property. For example, given a subject-claim-name value of "sub", using a match-filter of 'userName eq "%_subject_claim_name%"' would be equivalent to using a match-filter of 'userName eq "%sub%"'. |
Default Value | None |
Allowed Values | A string |
Multi-Valued | No |
Required | Yes |
Admin Action Required | None. Modification requires no further action |
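The following Python sketch is an added example, not the server's own code. It models the match-filter variable substitution and the evaluation-order-index ordering described above. The function names, the sample claims and methods, the value escaping, and the skipping of methods whose claims are absent are all assumptions of the sketch.

```python
import re

# A %name% variable inside a match-filter pattern.
_VAR = re.compile(r"%([^%\s]+)%")

def expand_match_filter(pattern, claims, subject_claim_name="sub"):
    """Replace each %claim% variable with the matching access token claim value."""
    def substitute(match):
        name = match.group(1)
        if name == "_subject_claim_name":
            name = subject_claim_name  # the validator's subject-claim-name property
        if name not in claims:
            raise KeyError(f"access token has no claim {name!r}")
        # Assumption of this sketch: escape backslash and double quote so a claim
        # value cannot terminate the quoted SCIM string and alter the filter.
        return str(claims[name]).replace("\\", "\\\\").replace('"', '\\"')
    return _VAR.sub(substitute, pattern)

def resolve_filters(methods, claims, subject_claim_name="sub"):
    """Return (method name, expanded filter) pairs, smallest index first."""
    indexes = [m["evaluation-order-index"] for m in methods]
    if len(set(indexes)) != len(indexes):
        raise ValueError("evaluation-order-index must be unique per validator")
    resolved = []
    for m in sorted(methods, key=lambda m: m["evaluation-order-index"]):
        try:
            expanded = expand_match_filter(m["match-filter"], claims, subject_claim_name)
        except KeyError:
            continue  # assumption: a method whose claims are absent is skipped
        resolved.append((m["name"], expanded))
    return resolved

# Constructed sample data: token claims and two lookup methods on one validator.
CLAIMS = {"sub": "jdoe", "org": "example"}
METHODS = [
    {"name": "by-sub-and-org", "evaluation-order-index": 20,
     "match-filter": 'userName eq "%sub%" and organization eq "%org%"'},
    {"name": "by-subject", "evaluation-order-index": 10,
     "match-filter": 'userName eq "%_subject_claim_name%"'},
]

if __name__ == "__main__":
    for name, scim_filter in resolve_filters(METHODS, CLAIMS):
        print(name, "->", scim_filter)
```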
To list the configured Token Resource Lookup Methods:
dsconfig list-token-resource-lookup-methods [--property {propertyName}] ...
To view the configuration for an existing Token Resource Lookup Method:
dsconfig get-token-resource-lookup-method-prop --method-name {name} --validator-name {name} [--tab-delimited] [--script-friendly] [--property {propertyName}] ...
To update the configuration for an existing Token Resource Lookup Method:
dsconfig set-token-resource-lookup-method-prop --method-name {name} --validator-name {name} (--set|--add|--remove) {propertyName}:{propertyValue} [(--set|--add|--remove) {propertyName}:{propertyValue}] ...
To create a new SCIM Token Resource Lookup Method:
dsconfig create-token-resource-lookup-method --method-name {name} --validator-name {name} --type scim --set evaluation-order-index:{propertyValue} --set scim-resource-type:{propertyValue} --set match-filter:{propertyValue} [--set {propertyName}:{propertyValue}] ...
To delete an existing Token Resource Lookup Method:
dsconfig delete-token-resource-lookup-method --method-name {name} --validator-name {name}