1. Go to the System > Protocol Settings > Roles & Protocols screen.
  2. If you have not done so, enable the applicable federation role (or roles) for your deployment.
  3. Under the role (or roles) that you require STS processing, select the WS-Trust check box to enable the protocol.

    PingFederate supports the STS with or without selections of other browser-based SSO protocols. The handling of SAML 1.1 and 2.0 tokens is independent of the supported browser-based SSO protocols shown on the same screen.

  4. Enter your SAML federation IDs on the System > Protocol Settings > Federation Info screen (unless these IDs are already established for corresponding browser-based SSO protocols).

    Identifiers are required for both SAML 2.0 and SAML 1.x to enable the STS to issue either type of token when requested. If you have not established a federation ID for either of these protocols or do not expect to use one or the other, enter a placeholder (in any format) and reconfigure later as needed.