Create OAuth Clients for PTC Products
You create OAuth clients in PingFederate to serve as endpoints that PTC products connect to when obtaining or verifying access tokens. It is recommended that you create a separate OAuth client for each role that each product performs.
Prerequisite: Create an Access Token Management Instance
Access token management instances allow you to configure access token policies and attribute contracts for different OAuth clients. The access token management instance you create in the following procedure will be used for the OAuth clients you create for PTC products. For more information about access token management instances and how to configure them, see “Access token management” in the PingFederate documentation.
The following settings are recommended when creating an access token management instance for PTC products.
1. From the PingFederate main navigator menu, click OAuth Server > Access Token Management > Create New Instance.
2. On the Type tab:
a. Specify an instance name and ID.
b. In the Type field, select Internally Managed Reference Tokens.
c. In the Parent Instance field, select None.
3. Click Next to accept the defaults on the Instance Configuration tab.
4. On the Access Token Attribute Contract tab, add Username.
5. Click Next on the Resource URIs and Access Control tabs to accept the default settings.
Prerequisite: Configure Access Token Mapping
An access token mapping is required to identify the attributes that will be provided along with access tokens. To configure this mapping for PTC products, the Username attribute must be mapped to USER_KEY. For more information about access token mapping, see “Manage access token mappings” in the PingFederate documentation.
The following settings are recommended when configuring an access token mapping for PTC products.
1. On the PingFederate main navigator menu, select OAuth Server > Access Token Mapping.
2. On the Access Token Attribute Mapping page:
a. For Context, select Default.
b. For Access Token Manager, select the access token management instance you created in the previous procedure.
c. Click Add Mapping.
3. On the Attribute Sources & User Lookup tab, click Next to accept the default settings.
4. On the Contract Fulfillment tab, for the Username contract entry, select Persistent Grant in the Source column and USER_KEY in the Value column.
5. On the Issuance Criteria tab, click Next to accept the default settings.
6. Click Done, and click Save.
You can now create an OAuth client for the PTC product in your SSO framework.
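Because internally managed reference tokens are opaque, a resource server learns the Username value only from the token introspection response. The following check is an added example, not part of the PTC or PingFederate documentation; it validates an RFC 7662 introspection response body and flags a missing Username, which indicates an incomplete access token mapping. It assumes the contract attribute is returned as a top-level member named Username; the client ID, scope, and sample responses are constructed.

```python
import json
import time

REQUIRED_ATTRIBUTE = "Username"  # attribute added to the contract in the procedure above

# Constructed sample responses in RFC 7662 shape; all values are illustrative.
SAMPLE_OK = json.dumps({"active": True, "client_id": "example-rs-client",
                        "scope": "EXAMPLE_SCOPE", "exp": 4102444800,
                        "Username": "jdoe"})
SAMPLE_NO_USERNAME = json.dumps({"active": True, "client_id": "example-rs-client",
                                 "exp": 4102444800})
SAMPLE_INACTIVE = json.dumps({"active": False})


def check_introspection(body, now=None):
    """Return (ok, detail): detail is the user name on success, else the reason."""
    now = time.time() if now is None else now
    try:
        data = json.loads(body)
    except ValueError:
        return False, "response is not JSON"
    if not isinstance(data, dict):
        return False, "response is not a JSON object"
    # RFC 7662: only a literal true in 'active' means the token may be accepted.
    if data.get("active") is not True:
        return False, "token is not active"
    # 'exp' is optional; when present, reject a token that is past it.
    exp = data.get("exp")
    if isinstance(exp, (int, float)) and exp <= now:
        return False, "token is expired"
    # Without Username the product cannot identify the user behind the token.
    username = data.get(REQUIRED_ATTRIBUTE)
    if not isinstance(username, str) or not username.strip():
        return False, "Username attribute missing; check the access token mapping"
    return True, username


if __name__ == "__main__":
    for name, body in [("ok", SAMPLE_OK), ("no username", SAMPLE_NO_USERNAME),
                       ("inactive", SAMPLE_INACTIVE)]:
        print(name, check_introspection(body))
```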