You can add STS, OAuth, and outbound provisioning support to any existing SSO connection, or vice versa, at any time.
If your partner's deployment supports multiple protocols and you intend to communicate using more than one, you must set up a separate connection for each protocol. Note that each connection must use a unique (partner) connection ID.
To configure a connection for secure browser-based SSO, select the
Browser SSO Profiles check box.
If you have selected multiple protocols on thescreen and you are not using a connection template, you must select the applicable protocol from the list when establishing a new connection.
For a WS-Federation connection, select the desired token type, namely SAML 1.1, SAML 2.0, or JWT (JSON Web Token).Tip:
If you are creating a WS-Federation connection to Microsoft Windows Azure Pack, select JWT as the token type.Tip:
PingFederate can encrypt the subject and attributes of SAML 2.0 assertions. For information about configuring encryption policies on a PingFederate IdP, see Configuring XML encryption policy (SAML 2.0). For information about configuring encryption policies on a PingFederate SP, see Specifying XML encryption policy (for SAML 2.0).
To configure an STS connection, select the WS-Trust STS
The WS-Trust STS option is only available after you enable the WS-Trust role on the screen.
To configure a connection for outbound provisioning, make that selection and
then select the provisioning type from the list.
The Outbound Provisioning option is only available after you enable the Outbound Provisioning protocol on the screen.
If your PingFederate license manages connections by groups, select a license
group for this connection.
This option is not shown for unrestricted or other types of licenses.