--- title: Configuring protocol settings for SP STS description: Configure the processing options for validating incoming SAML tokens in your identity provider (IdP) partner connection either in conjunction with browser-based single sign-on (SSO) or independently. component: pingfederate version: 13.1 page_id: pingfederate:administrators_reference_guide:help_wstrustidptasklet_wstrustidpprotocolsettingsstate canonical_url: https://docs.pingidentity.com/pingfederate/13.1/administrators_reference_guide/help_wstrustidptasklet_wstrustidpprotocolsettingsstate.html llms_txt: https://docs.pingidentity.com/pingfederate/llms.txt docs_for_agents: https://developer.pingidentity.com/build-with-ai/docs-for-agents.md revdate: July 5, 2022 section_ids: about-this-task: About this task steps: Steps choose-from: Choose from: --- # Configuring protocol settings for SP STS Configure the processing options for validating incoming SAML tokens in your identity provider (IdP) partner connection either in conjunction with browser-based single sign-on (SSO) or independently. ## About this task Select whether the STS should validate incoming tokens only or validate and then generate other types of tokens. ## Steps 1. Go to **Authentication > Integration > IdP Connections**. 2. On the **WS-Trust STS** tab, click **Configure WS-Trust STS**. 3. On the **Protocol Settings** tab, from the **Request Processing Options** list, choose one of the following options: ### Choose from: * To only validate incoming SAML tokens, select **Validate Incoming SAML Token**. * To validate and then also generate local tokens to enable single sign-on (SSO) access to web services at your site, select **Validate Incoming SAML Token and Issue Local Token**. | | | | - | --------------------------------------------------------------------------------------------- | | | If you choose to generate local tokens as well, you must set up at least one token generator. |