To exchange security tokens, the OAuth authorization server needs at least one token exchange processor policy.
To define a token exchange processor policy:
-
On the OAuth Server page, in the Token
Exchange section, click Processor
Policies.
The Token Exchange Processor Policy Management page opens.
-
Click Add Processor Policy.
The Token Exchange Processor Policy wizard opens.
- On the Manage Processor Policy tab, enter the policy ID and Name. You can also specify whether the policy requires an actor token as well as a subject token in the token exchange requests from the clients.
- If you need to add attributes to the attribute contract, use the Attribute Contract tab to add them.
-
On the Token Processor Mapping tab, map a token
processor to each subject token type or each combination of subject token type
and actor token type:
-
Click the Map New Token Processor button.
The Token Processor Mapping wizard opens.
- On the Token Types tab, select the Subject Token Processor instance and enter the Subject Token Type identifier. If an actor token processor is required, select the Actor Token Processor instance and enter the Actor Token Type identifier.
- If the token processor instances need additional attribute sources for contract fulfillment, then use the Attribute Sources & User Lookup tab to add them.
- On the Contract Fulfillment tab, select the Source and Value for each attribute.
- If you want to specify conditions that attributes must satisfy for PingFederate to exchange the token, use the Issuance Criteria tab to specify them.
-
On the Summary tab, review the token processor
mapping. Click Done.
PingFederate returns you to the Token Exchange Processor Policy wizard.
-
Click the Map New Token Processor button.
-
In the Token Exchange Processor Policy wizard, on the
Summary tab, review the policy. Click
Done.
The Token Exchange Processor Policy Management page opens.
- If you want to make the new token exchange processor policy the default policy, click Set as Default on its row in the table.
- Click Save.