WS-Trust STS processing
The following figure shows a basic Web Services scenario using the PingFederate WS-Trust STS in the role of both IdP and SP:
Processing Steps
-
A WSC sends a Request Security Token (RST) message containing an OpenToken as a SOAP request to the PingFederate STS IdP endpoint.
-
The OpenToken Token Processor validates the OpenToken and, if valid, maps attributes from the OpenToken into a SAML token. PingFederate issues the SAML token based upon the SP connection configuration and embeds the token in a Request Security Token Response (RSTR) which is returned to the WSC.
-
The WSC binds the issued SAML token into a WSS header and sends it via a SOAP request to the WSP.
-
The WSP sends an RST Issue request containing the SAML token to the PingFederate STS SP endpoint. PingFederate validates the SAML token and, if valid, maps attributes from the SAML token in to an OpenToken. Ping Federate issues the Open Token based upon the OpenToken Token Generator configuration and embeds the token in an RSTR which is returned to the WSP.
-
The WSP receives the OpenToken in the RSTR for local domain processing.