PingFederate Server

Migrating to the integrated Username Token Processor

About this task

As of PingFederate 7.2, the Username Token Translator has been deprecated and replaced with an integrated Username Token Processor. Although the integrated Username Token Processor and the deprecated Username Token Translator can be simultaneously deployed, you should migrate it to the new token processor.

Steps

  1. Go to Identity Provider → Token Processors.

  2. To create an instance of the integrated Username Token Processor, click Create New Instance.

    1. On the Type page, select Username Token Processor from the list.

      If you have multiple WS-Trust STS SP connections, you can reuse the same Username Token Processor instance or create additional instances of the token processors as needed.

  3. Map the new token processor instance to the applicable WS-Trust STS SP connection on the IdP Token Processor Mapping page.

    Repeat this step if you have multiple WS-Trust STS SP connections.

  4. Test your WS-Trust STS SP connections using the instance of the integrated Username Token Processor.

  5. Remove the token processor instance of the deprecated Username Token Translator from all WS-Trust STS SP connections on the IdP Token Processor Mapping page.

  6. If you have set up token translator mappings, create new entries to replace those using instances of the deprecated Username Token Translator, test the new mapping entries, and delete the entries that use instances of the deprecated Username Token Translator.

  7. Delete all token processor instances of the deprecated Username Token Translator on the Identity Provider → Token Processors page.

  8. Remove the pf-username-token-translator-<version>.jar file from the <pf_install>/pingfederate/server/default/deploy directory on all PingFederate servers.

  9. Restart PingFederate on all PingFederate servers.