As of PingFederate 7.2, the Username Token Translator has been deprecated and replaced with an integrated Username Token Processor. While the integrated Username Token Processor and the deprecated Username Token Translator may be simultaneously deployed, it is recommended to migrate to the new token processor.

  1. Go to the Identity Provider > Token Processors screen.
  2. Click Create New Instance to create an instance of the integrated Username Token Processor.
    Important:

    In the Type screen, select Username Token Processor from the list.

    Tip:

    If you have multiple WS-Trust STS SP connections, you may reuse the same Username Token Processor instance or create additional instances of the token processors as needed.

  3. Map the new token processor instance to the applicable WS-Trust STS SP connection on the IdP Token Processor Mapping screen.
    Repeat this step if you have multiple WS-Trust STS SP connections.
  4. Test your WS-Trust STS SP connections using the instance of the integrated Username Token Processor.
  5. Remove the token processor instance of the deprecated Username Token Translator from all WS-Trust STS SP connections in the IdP Token Processor Mapping screen.
  6. If you have set up token translator mappings, create new entries to replace those using instances of the deprecated Username Token Translator, test the new mapping entries, and delete the entries that use instances of the deprecated Username Token Translator.
  7. Delete all token processor instances of the deprecated Username Token Translator in the Identity Provider > Token Processors screen.
  8. Remove the pf-username-token-translator-<version>.jar file from the <pf_install>/pingfederate/server/default/deploy directory on all PingFederate servers.
  9. Restart PingFederate on all PingFederate servers.