Ping Identity Directory Server - Token Claim Validation

Token Claim Validation

Note: this component is designated "advanced", which means that objects of this type are not expected to be created or altered in most environments. If you believe that such a change is necessary, you may want to contact support in order to understand the potential impact of that change.

Note: this is an abstract component that cannot be instantiated.

A Token Claim Validation defines a condition about a token claim that must be satisfied for the token to be considered valid.

Direct Subcomponents Relations to This Component Properties dsconfig Usage

Direct Subcomponents

The following Token Claim Validations are available in the server :

These Token Claim Validations inherit from the properties described below.

Relations to This Component

The following components have a direct composition relation to Token Claim Validations:

ID Token Validator

Properties

The properties supported by this managed object are as follows:

Basic Properties:	Advanced Properties:
description	None
claim-name

Basic Properties

description

Description	A description for this Token Claim Validation
Default Value	None
Allowed Values	A string
Multi-Valued	No
Required	No
Admin Action Required	None. Modification requires no further action

claim-name

Description	The name of the claim to be validated. This claim must be present, and its name must be an exact match.
Default Value	None
Allowed Values	A string
Multi-Valued	No
Required	Yes
Admin Action Required	None. Modification requires no further action

dsconfig Usage

To list the configured Token Claim Validations:

dsconfig list-token-claim-validations
     [--property {propertyName}] ...

To view the configuration for an existing Token Claim Validation:

dsconfig get-token-claim-validation-prop
     --validation-name {name}
     --validator-name {name}
     [--tab-delimited]
     [--script-friendly]
     [--property {propertyName}] ...

To update the configuration for an existing Token Claim Validation:

dsconfig set-token-claim-validation-prop
     --validation-name {name}
     --validator-name {name}
     (--set|--add|--remove) {propertyName}:{propertyValue}
     [(--set|--add|--remove) {propertyName}:{propertyValue}] ...

To delete an existing Token Claim Validation:

dsconfig delete-token-claim-validation
     --validation-name {name}
     --validator-name {name}