Managing token processors

The PingFederate Security Token Service (STS) uses token processors to validate incoming tokens and token requests.

About this task

You must configure at least one processor in order to set up an STS connection or a token-to-token mapping.

For more information about WS-Trust, see Web services standards.

PingFederate comes bundled with the following token processors:

JWT Token Processor 1.2
JWT Token Processor 2.0
Kerberos Token Processor
OAuth Bear Token Processor
SAML 1.1 Token Processor
SAML 2.0 Token Processor
Username Token Processor

You can deploy additional token translators from Ping Identity website.

Steps

Go to Authentication → Token Exchange → Token Processors.

In the Token Processors window, choose from the following options.

Option	Description
Configure a new instance	Click Create New Instance
Modify an existing instance	Click the name of instance in the Instance Name column
View the usage of an existing instance	Click Check Usage in the Action column on the instance’s row
Remove an existing instance	Click Delete in the Action column on the instance’s row

Option

Description

Configure a new instance

Click Create New Instance

Modify an existing instance

Click the name of instance in the Instance Name column

View the usage of an existing instance

Click Check Usage in the Action column on the instance’s row

Remove an existing instance

Click Delete in the Action column on the instance’s row

By default, PingFederate automatically checks multi-connection errors whenever you access this window. This verifies that configured connections are not adversely affected by changes made here.

If you experience noticeable delays in accessing this window, you can disable automatic connection validation. Go to System → Server → General Settings.

PingFederate Server

Managing token processors

About this task

Steps