The Verify IAM Access Token policy verifies access tokens issued by third-party IAM services such as Gluu. Out of the box, it invokes the access token verification endpoint of the third-party IAM service (the issuer of the token) and accepts or rejects the request based on the response received from that endpoint.

Configuration

The properties that have to be configured to use the policy are described below.

Access Token

Configure the Message Part Identifier with the source (header, query parameter, context variable, or constant) through which the access token is passed.

Target(s) Configuration

Refer to the Service Call Out section to understand the configuration.

This endpoint configuration specifies the verification endpoints of the IAM service.

Additional parameters

Specify any parameters, other than the access token, that the specified endpoint understands.

Variable prefix

This prefix is used at two junctures:

  1. To filter context variables/headers to be sent to the target specified.
  2. To populate the JSON response attributes into the context variables.

    Example

    The subject claim value of the token will be populated in a context variable by name as below:

Example

  1. Install Gluu server and configure its hostname as: fioiam.gluu.org.

    Refer to the Installing and Configuring Gluu Server section for more details.

  2. Configure the introspection endpoint under targets: https://fioiam.gluu.org/oxauth/restv1/introspection with target id as t1.
  3. Set the access token's source as parameter and add t1 under the selected targets.

Request

Below is a sample request with a valid Authorization header (credentials of the OpenID client created in the Gluu dashboard: https://fioiam.gluu.org/identity/home.htm) and Content-Type set to application/x-www-form-urlencoded:

For the above request, make sure that the Body type is not left empty. Set it as below:

Response

For a valid access token:

For an expired access token:
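
As an added illustration (not part of the original documentation or the product's own code), the sketch below builds the form-encoded introspection request described in this example and evaluates the JSON reply, rejecting anything other than an explicit `"active": true`. It assumes the endpoint follows RFC 7662 (a `token` form field, an `active` boolean in the response) and HTTP Basic client authentication; the function names and sample responses are constructed.

```python
import base64
import json
import time
import urllib.parse
import urllib.request

# Endpoint from the example above. Client credentials are supplied by the caller.
INTROSPECTION_URL = "https://fioiam.gluu.org/oxauth/restv1/introspection"


def build_introspection_request(token, client_id, client_secret, extra=None):
    """Build (without sending) the POST that the configured target would receive."""
    form = {"token": token}      # assumption: RFC 7662 parameter name
    form.update(extra or {})     # corresponds to "Additional parameters"
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    return urllib.request.Request(
        INTROSPECTION_URL,
        data=urllib.parse.urlencode(form).encode(),  # non-empty body
        headers={
            "Authorization": "Basic " + basic,       # assumption: Basic client auth
            "Content-Type": "application/x-www-form-urlencoded",
        },
        method="POST",
    )


def token_is_valid(status, body, now=None):
    """Fail closed: accept only HTTP 200 with JSON whose "active" is exactly true."""
    if status != 200:
        return False
    try:
        claims = json.loads(body)
    except ValueError:
        return False
    if not isinstance(claims, dict) or claims.get("active") is not True:
        return False
    exp = claims.get("exp")
    if exp is not None:
        # Defence in depth: also reject a token whose exp has already passed.
        current = time.time() if now is None else now
        if not isinstance(exp, (int, float)) or exp <= current:
            return False
    return True


# Constructed sample responses (not captured from a Gluu server).
SAMPLE_ACTIVE = '{"active": true, "sub": "constructed-user", "exp": 2000000000}'
SAMPLE_EXPIRED = '{"active": false}'
```

The strict `is True` comparison matters: a response carrying the string `"true"`, a missing `active` field, or a non-JSON error page must all result in the request being rejected.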