Token processors and generators
PingFederate provides support for a variety of security-token formats through token processors and generators.
These token processors and generators plug into the PingFederate server and deploy similarly to browser-based single sign-on (SSO) adapters. For more information, see Bundled adapters and authenticators.
For an identity provider (IdP), token processors provide a mechanism through which PingFederate can validate an incoming token from a web service client (WSC) and map attributes to be included in the issued SAML token.
For a service provider (SP), token generators provide a mechanism through which PingFederate can generate a local token based upon the incoming SAML token from a WSP and map attributes to be included in that token.
PingFederate only generates SAML 1.1 or 2.0 token when it is configured as an IdP for sending across trust boundaries to a federate SP partner. PingFederate only accepts SAML tokens when configured as an SP. Token plug-ins allow a modular approach for validating and producing the token types used by different applications or systems within a conceptual trust domain. PingFederate provides bundled and separately available token plug-ins.
For direct security token service (STS) token exchange within the same domain or trust boundary, use the PingFederate STS to exchange one token type for another directly, without generating a transitional SAML token. For more information, see Token translator mappings. |
PingFederate allows you to use a configuration of a token processor or generator as a parent instance from which you create child instances. For more information, see Hierarchical plugin configurations.
Bundled token plug-ins
PingFederate comes installed with token processors for an IdP configuration that accept and validate SAML 1.1 or 2.0 tokens, OAuth bearer access tokens, JSON web tokens (JWT), username tokens, and Kerberos tokens. For more information, see Token models and management. SAML tokens are issued on the IdP side through built-in browser-based SSO capabilities.
For an SP configuration, PingFederate provides token generators for issuing local SAML 1.1 or 2.0 tokens. PingFedearate validates incoming SAML tokens using built-in capabilities.
Commercial token plug-ins
Ping Identity provides token plug-ins called token translators to work with various authentication systems and identity management (IdM) systems. You can download the available plug-ins from the Downloads website.