Defining token exchange processor policies - PingFederate

Page created: 12 Dec 2019 |

Page updated: 5 Apr 2021

| 2 min read

PingFederate 10.0 Product Page Configuration Task Type Admin Guide Configuration User task OAuth Standards, specifications, and protocols Software Deployment Method Product documentation Content Type Administrator Audience

To exchange security tokens, the OAuth authorization server needs at least one token exchange processor policy.

Before you define a token exchange processor policy, create the necessary token processor instances. See Managing token processors

To define a token exchange processor policy:

On the OAuth Server page, in the Token Exchange section, click Processor Policies.
The Token Exchange Processor Policy Management page opens.
Click Add Processor Policy.
The Token Exchange Processor Policy wizard opens.
On the Manage Processor Policy tab, enter the policy ID and Name. You can also specify whether the policy requires an actor token as well as a subject token in the token exchange requests from the clients.
If you need to add attributes to the attribute contract, use the Attribute Contract tab to add them.
On the Token Processor Mapping tab, map a token processor to each subject token type or each combination of subject token type and actor token type:
1. Click the Map New Token Processor button.
  The Token Processor Mapping wizard opens.
2. On the Token Types tab, select the Subject Token Processor instance and enter the Subject Token Type identifier. If an actor token processor is required, select the Actor Token Processor instance and enter the Actor Token Type identifier.
3. If the token processor instances need additional attribute sources for contract fulfillment, then use the Attribute Sources & User Lookup tab to add them.
4. On the Contract Fulfillment tab, select the Source and Value for each attribute.
5. If you want to specify conditions that attributes must satisfy for PingFederate to exchange the token, use the Issuance Criteria tab to specify them.
6. On the Summary tab, review the token processor mapping. Click Done.
  PingFederate returns you to the Token Exchange Processor Policy wizard.
In the Token Exchange Processor Policy wizard, on the Summary tab, review the policy. Click Done.
The Token Exchange Processor Policy Management page opens.
If you want to make the new token exchange processor policy the default policy, click Set as Default on its row in the table.
Click Save.

Defining token exchange processor policies - PingFederate - 10.0

PingFederate Server