An OAuth assertion grant connection exchanges a SAML assertion or a JWT for an OAuth access token with the PingFederate OAuth AS. You can configure an OAuth assertion grant connection with an IdP partner either in conjunction with browser-based SSO, WS-Trust, or independently.

For more information about these standards, see Security Assertion Markup Language (SAML) 2.0 Profile for OAuth 2.0 Client Authentication and Authorization Grants (tools.ietf.org/html/rfc7522) and JSON Web Token (JWT) Profile for OAuth 2.0 Client Authentication and Authorization Grants (tools.ietf.org/html/rfc7523).

  1. On the Connection Type screen, select the OAuth Assertion Grant check box.
    Tip:

    You may also select other options (for example, the Browser SSO Profiles check box). If you do, you will be prompted to complete the required configuration.

    For simplicity, this topic only focuses on the OAuth Assertion Grant configuration.

  2. On the General Info screen, enter the required information.
  3. On the OAuth Assertion Grant Attribute Mapping screen, click Configure OAuth Assertion Grant Attribute Mapping.