我使用用户名和密码调用PF和PA REST Web服务,但它似乎很容易提供凭据。有没有办法为REST AP服务调用而不是凭证提供唯一的授权代码?。
此刻正在以这种方式打电话
root@ubuntu:/home/joe# curl -k -u "**UserName:Password**" -H "X-Xsrf-Header: PingAccess" https://localhost:9000/pa-admin-api/v1/virtualhosts
答案 0 :(得分:1)
The PingAccess administrative API supports OAuth Access Tokens for authentication. They must be access tokens issued by PingFederate (using any grant type) and contain a configured scope for administrative API access. For more details see: https://docs.pingidentity.com/bundle/pa_sm_AuthenticationConfiguration_pa41/page/pa_t_Configure_API_Authentication.html
PingFederate itself currently does not support OAuth for administrative APIs however there are a number of options for authentication. The most secure form of authentication currently supported is client certificate authentication. For more details, see: https://documentation.pingidentity.com/pingfederate/pf82/index.shtml#adminGuide/concept/configuringAccessToTheAdministrativeApi.html