PingFederate OpenToken Token Translator Guide 1.0

The PingFederate OpenToken Token Translator provides a Token Processor and a Token Generator for use with the PingFederate WS-Trust Security Token Service (STS). The Token Processor allows an Identity Provider (IdP) STS to accept and validate an OpenToken from a Web Service Client (WSC) and then map user attributes into a SAML token for the WSC to send to a Web Service Provider (WSP). The Token Generator allows a Service Provider (SP) STS to issue an OpenToken for a WSP, including mapped attributes from an incoming SAML token.

Note: Ping Identity provides a Java STS-Client Software Development Kit (SDK) for enabling Web Service applications (Client or Provider) to interact with the PingFederate STS. The SDK is available for download here.

OpenToken is an open-standard, secure session cookie used to pass user information between an application and PingFederate. For STS purposes, the OpenToken is passed as a Web Services Security (WSS) binary security token in WS-Trust messages. The data within the OpenToken is a set of key/value pairs, encrypted using common encryption algorithms, as illustrated below:

This translator package includes a Java Application Programmer Interface (API) for WSC and WSP developers to use for writing or reading an OpenToken, respectively.
