PingFederate Server

Configuring an OAuth assertion grant IdP connection

An OAuth assertion grant connection exchanges a SAML assertion or a JSON web token (JWT) for an OAuth access token with the PingFederate OAuth authorization server.

About this task

You can configure an OAuth assertion grant connection with an identity provider (IdP) partner either in conjunction with browser-based single sign-on (SSO), WS-Trust, or independently.

For more information, see Security Assertion Markup Language (SAML) 2.0 Profile for OAuth 2.0 Client Authentication and Authorization Grants and JSON Web Token (JWT) Profile for OAuth 2.0 Client Authentication and Authorization Grants.

Steps

  1. Go to Authentication → Integration → IdP Connections and then click Create Connection.

  2. On the Connection Type tab, select the OAuth Assertion Grant check box.

    You can also select other options, such as the Browser SSO Profiles check box. If you do, you will be prompted to complete the required configuration. This topic only focuses on the OAuth Assertion Grant configuration.

  3. On the General Info tab, enter the required information.

  4. On the OAuth Assertion Grant Attribute Mapping tab, click Configure OAuth Assertion Grant Attribute Mapping.