Free Preparation Discussions
MENU
Ping Identity PAP-001 Exam - Topic 1 Question 15 Discussion
Topic #: 1
Developers report an issue with an application that is protected by PingAccess. Certain requests are not providing claims that are part of the access token.
What should the administrator add for the access token claims?
In PingAccess, when an application relies on claims from an OAuth access token, you must configure PingAccess to evaluate those claims and potentially inject them into headers for the backend application.
Exact Extract from PingAccess documentation:
''OAuth rules allow you to evaluate claims in OAuth access tokens. You can configure PingAccess to look at specific claims and enforce policies or pass them to target applications.''
''To extract attributes from an access token, configure an OAuth Attribute Rule.''
This clearly matches option D.
Analysis of each option:
A . An authentication requirement definition
Incorrect. Authentication requirements determine how users authenticate to applications (OIDC provider, etc.), but do not manage access token claims.
B . A web session attribute rule
Incorrect. Web session attribute rules map attributes from the authenticated user's web session (SSO session), not from OAuth access tokens.
C . An identity mapping definition
Incorrect. Identity mappings transform user attributes (from IdP to app), but they don't directly pull claims from OAuth tokens.
D . An OAuth attribute rule
Correct. This rule is specifically designed to extract and enforce policies on claims from OAuth access tokens.
Therefore, the correct answer is D. An OAuth attribute rule.
Kerrie
16 days ago