X.509

WS-Trust STS processing

The following steps describe a basic WS-Trust Security Token Service (STS) scenario where PingFederate validates an X.509 token and issues a SAML token:

  1. A Web Service Client (WSC) sends a Request Security Token (RST) message containing an X.509 token to the PingFederate STS IdP endpoint.

  2. The PingFederate X.509 Token Processor validates the X.509 token and, if valid, maps attributes from the X.509 token into a SAML token. PingFederate issues the SAML token based upon the SP connection configuration and embeds the token in a Request Security Token Response (RSTR), which is returned to the WSC.

  3. The WSC binds the issued SAML token into a Web Service Security (WSSE) header and sends it in a SOAP request to the Web Service Provider (WSP).
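
The shape of the step 1 message, and the structural checks a receiver can apply to it before certificate validation, as an added example (not PingFederate's code). It assumes SOAP 1.1, WS-Trust 1.3 and a token carried as a `wsse:BinarySecurityToken` in the WSSE header; `extract_x509_token`, `der_sequence_ok` and the sample message are hypothetical, and trust-chain and revocation checks are out of scope.

```python
import base64
import xml.etree.ElementTree as ET
# Standard SOAP 1.1, WS-Security and WS-Trust 1.3 URIs (assumed; the page names no versions).
WSS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-"
NS = {"s": "http://schemas.xmlsoap.org/soap/envelope/",
      "wsse": WSS + "wssecurity-secext-1.0.xsd",
      "wst": "http://docs.oasis-open.org/ws-sx/ws-trust/200512"}
X509V3 = WSS + "x509-token-profile-1.0#X509v3"
BASE64 = WSS + "soap-message-security-1.0#Base64Binary"
ISSUE = NS["wst"] + "/Issue"

# Constructed sample: placeholder bytes shaped like a DER SEQUENCE, not a real certificate.
SAMPLE_DER = b"\x30\x82\x01\x0a" + b"\x00" * 266
SAMPLE_RST = (
    f'<s:Envelope xmlns:s="{NS["s"]}" xmlns:wsse="{NS["wsse"]}" xmlns:wst="{NS["wst"]}">'
    f'<s:Header><wsse:Security><wsse:BinarySecurityToken ValueType="{X509V3}">'
    f'{base64.b64encode(SAMPLE_DER).decode()}</wsse:BinarySecurityToken></wsse:Security>'
    f'</s:Header><s:Body><wst:RequestSecurityToken><wst:RequestType>{ISSUE}'
    f'</wst:RequestType></wst:RequestSecurityToken></s:Body></s:Envelope>')

def der_sequence_ok(der):
    """True if der is exactly one DER SEQUENCE, the outer shape of a certificate."""
    if len(der) < 2 or der[0] != 0x30:
        return False
    k = der[1] & 0x7F if der[1] & 0x80 else 0  # count of long-form length bytes
    if der[1] == 0x80 or k > 4 or len(der) < 2 + k:
        return False
    length = int.from_bytes(der[2:2 + k], "big") if k else der[1]
    return 2 + k + length == len(der)

def extract_x509_token(rst_xml):
    """Return the DER bytes of the one X.509 token in an Issue RST, else raise ValueError."""
    if "<!DOCTYPE" in rst_xml:
        raise ValueError("DTDs are not accepted in SOAP messages")
    root = ET.fromstring(rst_xml)
    if root.findtext("s:Body/wst:RequestSecurityToken/wst:RequestType", "", NS).strip() != ISSUE:
        raise ValueError("not a WS-Trust Issue request")
    tokens = root.findall("s:Header/wsse:Security/wsse:BinarySecurityToken", NS)
    if len(tokens) != 1:
        raise ValueError("expected exactly one BinarySecurityToken")
    tok = tokens[0]
    # EncodingType is optional in WS-Security and defaults to Base64Binary.
    if tok.get("ValueType") != X509V3 or tok.get("EncodingType", BASE64) != BASE64:
        raise ValueError("token is not a Base64-encoded X509v3 token")
    # validate=True rejects stray characters; binascii.Error is a ValueError subclass.
    der = base64.b64decode("".join((tok.text or "").split()), validate=True)
    if not der_sequence_ok(der):
        raise ValueError("token is not a single DER SEQUENCE")
    return der
```

The bytes returned here are what a certificate parser and path validator would receive next; a message that fails any check is rejected before that point.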