The Verify IAM Access Token policy verifies an access token issued by a third-party IAM service such as Gluu. Out of the box, it invokes the token verification (introspection) endpoint of the IAM service that issued the token and allows or rejects the request based on the response received from that endpoint.
Configuration
The properties that have to be configured to use the policy are described below.
Access Token
Configure the Message Part Identifier with the source (header, query parameter, context variable or constant) through which the access token is passed.
Target(s) Configuration
Refer to the Service Call Out section to understand the configuration.
This endpoint configuration specifies the verification (introspection) endpoint(s) of the IAM service.
Additional parameters
Specify parameters other than the access token that are understood by the endpoint specified.
Variable prefix
This prefix is used at two junctures:
- To filter the context variables/headers to be sent to the target specified.
- To populate the JSON response attributes into context variables.
Example
- Install the Gluu server and configure its hostname as fioiam.gluu.org.
- Configure the introspection endpoint under targets: https://fioiam.gluu.org/oxauth/restv1/introspection with target id t1.
- Set the access token's source as parameter and add t1 under selected targets.
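The following is an added example (not part of this page or of the product's own code) that models the configuration above and the Gluu example as runnable Python: the token is read from a query parameter, the configured target t1 is called with an x-www-form-urlencoded body and the OpenID client's credentials as HTTP Basic auth, context variables carrying the configured prefix are forwarded to the target, and the attributes of the JSON response are written back as prefixed context variables. The Gluu server itself is replaced by a constructed offline stand-in that returns RFC 7662 style introspection responses; the client id, client secret, token values and the context-variable naming (request.query.*, the prefix iam.) are all assumptions, as is the choice to forward prefixed variables with the prefix stripped.

```python
"""Model of a Verify IAM Access Token policy backed by an OAuth 2.0 token
introspection endpoint (RFC 7662), such as the one exposed by Gluu."""
import base64
import json
import time
from urllib.parse import parse_qs, urlencode

# Target configuration from the example: Gluu introspection endpoint, target id t1.
TARGETS = {
    "t1": {"url": "https://fioiam.gluu.org/oxauth/restv1/introspection"},
}

# Assumed credentials of the OpenID client created in the Gluu dashboard.
CLIENT_ID = "example-client-id"
CLIENT_SECRET = "example-client-secret"

# Constructed token table standing in for the Gluu server's state (runs offline).
FAKE_TOKEN_STORE = {
    "valid-token-123": {"active": True, "scope": "openid profile", "client_id": CLIENT_ID,
                        "username": "alice", "exp": int(time.time()) + 3600},
    "revoked-token-456": {"active": False},
}


def basic_auth_header():
    """HTTP Basic credentials of the OpenID client, as sent to the introspection endpoint."""
    return "Basic " + base64.b64encode(f"{CLIENT_ID}:{CLIENT_SECRET}".encode()).decode()


def select_forwarded(context, prefix):
    """Variable prefix, use 1: only context variables/headers whose name starts with the
    prefix are sent to the target (assumed here to be forwarded with the prefix stripped)."""
    return {k[len(prefix):]: v for k, v in context.items() if k.startswith(prefix)}


def populate_context(context, prefix, attributes):
    """Variable prefix, use 2: each attribute of the JSON response becomes <prefix><name>."""
    for name, value in attributes.items():
        context[f"{prefix}{name}"] = value


def build_introspection_request(target_id, token, extra_params, forwarded):
    """Build the call the policy makes to the target: POST form body plus Basic auth."""
    params = {"token": token}
    params.update(extra_params)   # "Additional parameters" understood by the endpoint
    params.update(forwarded)      # prefixed context variables selected for forwarding
    return {
        "url": TARGETS[target_id]["url"],
        "headers": {"Authorization": basic_auth_header(),
                    "Content-Type": "application/x-www-form-urlencoded"},
        "body": urlencode(params),
    }


def fake_gluu_introspection(request):
    """Constructed offline stand-in for the Gluu endpoint. Rejects bad client credentials;
    otherwise returns RFC 7662 JSON, where an unknown/revoked token is {"active": false}."""
    if request["headers"].get("Authorization") != basic_auth_header():
        return 401, json.dumps({"error": "invalid_client"})
    token = parse_qs(request["body"]).get("token", [""])[0]
    return 200, json.dumps(FAKE_TOKEN_STORE.get(token, {"active": False}))


def verify_access_token(context, token_param, prefix, target_id, extra_params, call_target):
    """Run the policy: read the token from the query parameter source, call the target,
    populate the context from the response and allow only on {"active": true}.
    Transport errors, non-200 statuses and malformed JSON fail closed (request rejected)."""
    token = context.get(f"request.query.{token_param}")
    if not token:
        return False, "missing access token"
    request = build_introspection_request(
        target_id, token, extra_params, select_forwarded(context, prefix))
    try:
        status, body = call_target(request)
    except OSError as exc:
        return False, f"target unreachable: {exc}"
    if status != 200:
        return False, f"target returned HTTP {status}"
    try:
        attributes = json.loads(body)
    except ValueError:
        return False, "target returned non-JSON response"
    if not isinstance(attributes, dict):
        return False, "target returned unexpected JSON"
    populate_context(context, prefix, attributes)
    # Strict boolean check: only a JSON true counts, never "true", 1 or a missing field.
    if attributes.get("active") is not True:
        return False, "token inactive"
    return True, "token active"


if __name__ == "__main__":
    ctx = {"request.query.access_token": "valid-token-123",
           "iam.token_type_hint": "access_token"}
    print(verify_access_token(ctx, "access_token", "iam.", "t1", {}, fake_gluu_introspection))
    print({k: v for k, v in ctx.items() if k.startswith("iam.")})
```

The decision is driven solely by the `active` attribute, as RFC 7662 requires, and every failure path (unreachable target, non-200 status, unparseable body) rejects the request rather than letting it through; the introspection response attributes are still copied into the prefixed context variables so downstream policies can inspect scope, client_id or username.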
Request
Below is a sample request with a valid Authorization header (the credentials of the OpenID client created in the Gluu dashboard: https://fioiam.gluu.org/identity/home.htm) and the Content-Type application/x-www-form-urlencoded: