Connection-based policy
For both the identity provider (IdP) and service provider (SP) roles, PingFederate employs a partner-connection configuration, which enables the association of web services authentication policies with federation partners.
For Security Token Service (STS) processing, these policies define configurations for handling WS-Trust requests and transferring identity information between security domains. For more information, see Web services standards.
IdP configuration
Use the administrative console in an IdP role to configure WS-Trust request-processing policy for your SP partner including:
- The type of SAML token to create in response to an issue request from a web service client (WSC) application
- The mapping of attributes to include within the issued SAML token
- The key used to create a digital signature for the issued SAML token
SP configuration
Use the administrative console in an SP role to configure WS-Trust request-processing policy for your IdP partner including:
- Whether to validate the incoming SAML token only, or to validate the incoming token and also issue a local token
- The mapping of attributes to include in the locally issued token when applicable
- The certificate used to verify the digital signature for the incoming SAML token
- The key used to decrypt the incoming SAML token when needed