Ping Identity provides the Java client Software Development Kit (SDK) for enabling web service applications (WS clients or providers) to interact with the PingFederate STS.

In addition, for WSC STS clients, PingFederate provides built-in protocol support for Windows Identity Foundation (WIF) applications based on the Windows Communication Foundation (WCF) framework.

Note: The WIF framework includes WS-* protocol support and can interact natively with PingFederate.

Client SDK

The STS Java client SDK provides interfaces that create the WS-Trust Request Security Token (RST) and Request Security Token Response (RSTR) messaging to interact with the PingFederate STS endpoints. Using the SDK library, applications are not responsible for forming these WS-Trust protocol messages, and instead interact only with the tokens themselves.

The SDK is available for download at the Ping Identity Downloads website.

Windows Identity Foundation clients

PingFederate natively supports STS clients using claims-based WIF technology. Claims-based federated identity for web services is a part of the WS-Trust standard that permits client applications to make access-policy decisions when specifically categorized user attributes are sent in the security token (see Attribute contracts).

The PingFederate STS supports the following bindings in the .NET federated-security scenarios with WS-Trust:

  • WSFederationHttpBinding
  • WS2007FederationHttpBinding

Additionally, the PingFederate STS supports the following bindings for RST and RSTR interactions with .NET. (Support for these bindings is limited to the Username, x509, SAML 1.1, and SAML 2.0 token types.)

  • WSHttpBinding
  • WS2007HttpBinding
    Note: For token types such as Kerberos, where customizing default bindings may be necessary, the PingFederate STS supports the use of customBinding.

    For more information about bindings, see Microsoft's System-Provided Bindings (docs.microsoft.com/en-us/dotnet/framework/wcf/system-provided-bindings).

Developers can obtain metadata from PingFederate to expedite configuring their applications. PingFederate offers two varieties of metadata, which are often used together to arrive at functional WSC and WSP configurations:

  • STS Metadata Exchange at /pf/sts_mex.ping, which contains connection details relating to the SP partner.
  • Federation Metadata at /pf/federation_metadata.ping, which contains details on the PingFederate public signing certificate and other information required to establish the trust relationship.
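
The following is an added example, not part of the PingFederate documentation or SDK: it extracts the signing certificate advertised in a Federation Metadata document and checks it against fingerprints obtained out of band before the trust relationship is configured. It assumes the document uses the standard SAML/WS-Federation metadata layout (KeyDescriptor elements containing X509Certificate); the sample XML, entity ID, certificate bytes and function names are constructed for illustration.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample: placeholder bytes stand in for DER-encoded certificates.
SIGNING_B64 = base64.b64encode(b"constructed-signing-cert-der").decode()
ENCRYPTION_B64 = base64.b64encode(b"constructed-encryption-cert-der").decode()
SAMPLE_METADATA = f"""<md:EntityDescriptor
    xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="sts.example.test">
  <md:RoleDescriptor
      protocolSupportEnumeration="http://docs.oasis-open.org/wsfed/federation/200706">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>{SIGNING_B64}</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:KeyDescriptor use="encryption"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>{ENCRYPTION_B64}</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
  </md:RoleDescriptor>
</md:EntityDescriptor>"""


def signing_cert_fingerprints(metadata_xml):
    """Return the SHA-256 hex fingerprint of each advertised signing certificate."""
    # For documents from an untrusted source, prefer a hardened parser
    # such as defusedxml over the standard-library one used here.
    root = ET.fromstring(metadata_xml)
    fingerprints = []
    for key in root.iterfind(".//md:KeyDescriptor", NS):
        # In SAML metadata a KeyDescriptor without "use" serves both purposes.
        if key.get("use", "signing") != "signing":
            continue
        for cert in key.iterfind(".//ds:X509Certificate", NS):
            der = base64.b64decode("".join((cert.text or "").split()))
            fingerprints.append(hashlib.sha256(der).hexdigest())
    return fingerprints


def metadata_matches_pins(metadata_xml, pinned_sha256):
    """True only if at least one signing cert is present and all are pinned."""
    pins = {p.replace(":", "").lower() for p in pinned_sha256}
    found = signing_cert_fingerprints(metadata_xml)
    # Fail closed: no signing key, or any unpinned key, rejects the document.
    return bool(found) and all(fp in pins for fp in found)
```

Passing a set of pins lets the check accept both the current and the next certificate during a signing-key rollover.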

For more information about claims-based federated identity, see Microsoft's A Guide to Claims-based Identity and Access Control (msdn.microsoft.com/library/ff423674.aspx).