The PingFederate STS provides validation for OAuth 2.0 bearer tokens. Typically, a client sends a base64-encoded access token and receives a SAML token in exchange. To use this token processor, you must first configure an Access Token Management (ATM) instance.

(For more information about the PingFederate OAuth authorization server and access token management, see About OAuth and Access token management.)

  • On the Instance Configuration screen, configure the basics of this token processor instance.
    1. Select an ATM instance from the list.
      If the desired ATM instance is not shown, click Manage Access Token Manager.

      The token processor instance uses the selected ATM instance to validate the OAuth bearer access tokens.

    2. Optional: Select the Scope Value as Single String check box.

      If selected, the scope values are returned as a single space-delimited string; otherwise, they are returned as a multivalued attribute.
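
A consumer of the resulting attributes has to cope with whichever shape the Scope Value as Single String setting produces. The following is an added example, not part of the PingFederate documentation, that normalizes both shapes and checks scopes by exact token rather than by substring; the attribute name `scope`, the function names, and the sample values are assumptions constructed for illustration.

```python
"""Normalize a scope attribute that may arrive in either shape."""
from typing import Iterable, Mapping, Union

ScopeValue = Union[str, Iterable[str], None]


def normalize_scopes(value: ScopeValue) -> frozenset:
    """Return the set of individual scope tokens.

    Accepts a single space-delimited string (check box selected) or a
    multivalued attribute (check box cleared). Each element of a multivalued
    attribute is also split on whitespace so a mixed shape cannot hide a token.
    """
    if value is None:
        return frozenset()
    if isinstance(value, str):
        value = [value]
    scopes = set()
    for item in value:
        if not isinstance(item, str):
            raise TypeError(f"scope element is not a string: {item!r}")
        scopes.update(item.split())
    return frozenset(scopes)


def has_scopes(attributes: Mapping[str, ScopeValue],
               required: Iterable[str]) -> bool:
    """True only if every required scope is present as an exact token."""
    # "scope" is an assumed attribute name for this example.
    granted = normalize_scopes(attributes.get("scope"))
    return set(required) <= granted


# Constructed sample attribute sets, one per setting of the check box.
SINGLE_STRING = {"scope": "profile accounts:read_all"}
MULTIVALUED = {"scope": ["profile", "accounts:read_all"]}

if __name__ == "__main__":
    for attrs in (SINGLE_STRING, MULTIVALUED):
        # "accounts:read" is a substring of the single-string value, but it
        # was never granted as a token, so the check must fail in both shapes.
        print(sorted(normalize_scopes(attrs["scope"])),
              has_scopes(attrs, ["accounts:read"]))
```

A plain substring test against the single-string form would accept `accounts:read` here, which is why the check compares whole tokens.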