Page created: 12 Sep 2019 |
Page updated: 19 Mar 2020
PingFederate features an integrated administrative console for configuring four kinds of connections to identity-federation partners:
- Browser-based SSO – Also called Browser SSO in the administrative console, this term is often used to refer to standards-based secure SSO, which generally depends on a user's browser to transport identity assertions and other messaging between partner endpoints (see Supported standards).
- WS-Trust STS – Employs the PingFederate Security Token Service (STS), which enables Web service clients and providers (WSCs and WSPs) to extend SSO to identity-enabled web services at provider sites, using another set of standards (see the next section, About WS-Trust STS). These standards, including WS-Trust, do not rely on the user's browser for message transport.
- OAuth Assertion Grant – Exchanges a SAML assertion or a JSON Web Token for an OAuth access token with the PingFederate authorization server (AS) (see About OAuth).
- Provisioning – Provides automated cross-domain inbound and outbound user management (see User provisioning).
The types of connections can be configured together for the same partner or independently.