PingAccess

Managing third-party services

A third-party service configuration defines the destination for HTTPS outbound calls. Custom plugins use these definitions to indicate how the HTTP client communicates with the destination.

The configuration of a third-party service is similar to that of a site. Learn more about adding, editing, or deleting a third-party service in the following sections.

Adding third-party services

Add new third-party services in PingAccess.

If you want to validate access tokens with your own JWKS endpoint, you can configure your own host name and endpoint path as a third-party service in PingAccess.

Steps

  1. Click Applications, then go to Sites > Third Party Services.

  2. Click Add Third-Party Service.

  3. Complete the standard configuration fields, using the following table as a reference.

    Standard fields
    Field Required Description

    Name

    Yes

    Enter a name that identifies the third-party service.

    Targets

    Yes

    Enter one or more host name:port pairs used to reach the third-party service.

    Secure

    No

    Indicate whether the target expects a secure connection.

  4. Configure advanced settings.

    Most of these settings are optional.

    1. Expand the Show Advanced Settings section at the bottom of the Third-Party Service tab.

    2. Complete the fields as desired, using the following table as a reference:

      Advanced fields
      Field Required Description

      Host Value

      No

      When you specify a Host Value, requests to a third-party service use this value as the host header field value regardless of which target is used.

      Skip Hostname Verification

      No

      For secure connections, select this check box to indicate that the third-party service shouldn’t perform host name verification of the certificate.

      Expected Certificate Hostname

      No

      For secure connections, enter the name of the host expected in the certificate when host name verification is enabled.

      Availability Profile

      Yes

      Indicate the availability profile to use.

      To create a new availability profile, click Create Availability Profile.

      Load Balancing Strategy

      No

      Select the load-balancing strategy to use if more than one target is defined.

      If you specify multiple target servers for a third-party service but don’t apply a load balancing strategy, PingAccess uses the first target server in the list until it fails. Secondary target servers are only used if the first target server is not available.

      PingAccess uses the Failed Retry Timeout from the service’s availability profile settings to determine when to mark the first target server as available again.

      Maximum Connections

      Yes

      Indicates the maximum number of HTTP-persistent connections PingAccess will open and maintain for the service. The default value, -1, indicates unlimited connections.

      Use Proxy

      No

      Indicates that requests to the site should use a configured proxy.

  5. Click Save.

Editing and deleting third-party services

Use the PingAccess admin console to edit the properties of existing third-party services or delete a third-party service that’s no longer in use.

Only platform administrators can modify or delete a third-party service being used as an access token validator for admin API or UI authentication.

Steps

  1. Click Applications, then go to Sites > Third Party Services.

  2. Click to expand the third-party service you want to edit or delete.

  3. To edit the third-party service:

    1. Click the Pencil icon.

    2. Make the desired edits to the third-party service.

    3. To confirm your changes, click Save.

  4. To delete the third-party service:

    1. Click the Delete icon.

    2. To confirm your changes, click Delete.