WS-Trust STS processing
The following steps describe a basic WS-Trust Security Token Service (STS) scenario in which PingFederate validates an X.509 token and issues a SAML token.
- A Web Service Client (WSC) sends a Request Security Token (RST) message containing an X.509 token to the PingFederate STS IdP endpoint.
- The PingFederate X.509 Token Processor validates the X.509 token and, if it is valid, maps attributes from the X.509 token into a SAML token. PingFederate issues the SAML token based on the SP connection configuration and embeds the token in a Request Security Token Response (RSTR), which is returned to the WSC.
- The WSC binds the issued SAML token into a Web Service Security (WSSE) header and sends it in a SOAP request to the Web Service Provider (WSP).
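
The following Python example, added here and not taken from PingFederate, shows the WSC side of the last two steps: it extracts the issued SAML assertion from an RSTR, fails closed unless exactly one assertion is present and the current time is inside its validity window, and binds it into a WSSE header. The sample RSTR, the issuer name, the choice of the WS-Trust 1.3 and SOAP 1.1 namespaces, and the function names are assumptions made for illustration.

```python
import copy
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {
    "soap": "http://schemas.xmlsoap.org/soap/envelope/",
    "wst": "http://docs.oasis-open.org/ws-sx/ws-trust/200512",
    "wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}
for prefix, uri in NS.items():
    ET.register_namespace(prefix, uri)
# Constructed RSTR for illustration only (unsigned, placeholder values).
SAMPLE_RSTR = f"""<soap:Envelope xmlns:soap="{NS['soap']}" xmlns:wst="{NS['wst']}" xmlns:saml="{NS['saml']}">
 <soap:Body><wst:RequestSecurityTokenResponse><wst:RequestedSecurityToken>
  <saml:Assertion ID="_example" Version="2.0" IssueInstant="2030-01-01T00:00:00Z">
   <saml:Issuer>sts.example.test</saml:Issuer>
   <saml:Conditions NotBefore="2030-01-01T00:00:00Z" NotOnOrAfter="2030-01-01T00:05:00Z"/>
  </saml:Assertion>
 </wst:RequestedSecurityToken></wst:RequestSecurityTokenResponse></soap:Body>
</soap:Envelope>"""

def _ts(value):
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def extract_assertion(rstr_xml, now):
    """Return the single SAML assertion issued in an RSTR, or raise ValueError."""
    root = ET.fromstring(rstr_xml)
    found = root.findall(".//wst:RequestedSecurityToken/saml:Assertion", NS)
    if len(found) != 1:
        raise ValueError(f"expected exactly one issued assertion, got {len(found)}")
    cond = found[0].find("saml:Conditions", NS)
    try:  # assumption: both bounds are required here; missing or malformed fails closed
        ok = _ts(cond.get("NotBefore")) <= now < _ts(cond.get("NotOnOrAfter"))
    except (AttributeError, TypeError, ValueError):
        ok = False
    if not ok:
        raise ValueError("assertion is outside its validity window")
    return found[0]

def bind_to_wsse(assertion, body_payload):
    """Build the SOAP request for the WSP with the assertion in the WSSE header."""
    env = ET.Element(f"{{{NS['soap']}}}Envelope")
    header = ET.SubElement(env, f"{{{NS['soap']}}}Header")
    security = ET.SubElement(header, f"{{{NS['wsse']}}}Security")
    security.set(f"{{{NS['soap']}}}mustUnderstand", "1")
    security.append(copy.deepcopy(assertion))
    ET.SubElement(env, f"{{{NS['soap']}}}Body").append(body_payload)
    return ET.tostring(env, encoding="unicode")
```

Re-serializing the assertion as done here can change its bytes and invalidate an XML signature; a signed assertion should be carried into the header unmodified so the WSP can still verify it.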