Create Access Token Manager

For more information about the Access Token Manager, refer to Access Token Management.

We use a new Access Token Manager instance of type JSON Web Tokens. Perform the following steps to create a new instance:

We use a new Access Token Manager instance of type JSON Web Tokens. Perform the following steps to create a new instance:

1. Go to Applications > Access Token Management.

2. Click Create a new Instance.

   

3. Click Next to configure Access Token Manager.

4. Under the Instance Configuration tab, perform the following steps:

   1. Click Add a new row to 'Certificates' (previously created SSL certificate or one obtained from Public CA).

   2. Enter a key name in Key ID attribute and choose SSL certificate in Certificate attribute to be used.

      

   3. Set TOKEN LIFETIME.

   4. Specify JWS ALGORITHM from the drop-down list.

   5. Select the Key ID in ACTIVE SIGNING CERTIFICATE KEY ID from the drop-down list.

      

   6. Select the INCLUDE KEY ID HEADER PARAMETER check box.

   7. Keep DEFAULT JWKS URL CACHE DURATION.

      

   8. Enter client_id in the CLIENT ID CLAIM NAME field.

   9. Enter scope in the SCOPE CLAIM NAME field.

   10. Select the SPACE DELIMIT SCOPE VALUES check box.

   11. Add pingfederate issuer url in the ISSUER CLAIM VALUE field.

   12. Add the required value as the output audience claim in the AUDIENCE CLAIM VALUE field.

       

   13. Enter a value in the ACCESS GRANT GUID CLAIM NAME field.

   14. Enter /redirect/ATMInstance1/JWKS in the JWKS ENDPOINT PATH field.
   15. Keep the default duration in the JWKS ENDPOINT CACHE DURATION field.

5. Under the Session Validation tab, select the INCLUDE SESSION IDENTIFIER IN ACCESS TOKEN check box.

   

6. On the Access Token Attribute Contract tab, select sub from the Subject Attribute Name dropdown menu, and add the following attributes as extended attributes:

   • exp
   • groups (multivalued)
   • preferred_username
   • scope
   • sub