To exchange security tokens, the OAuth authorization server needs at least one token exchange processor policy.
- Go to Token Exchange Processor Policy Management window. to open the
Click Add Processor Policy.
The Token Exchange Processor Policy window opens.
On the Manage Processor Policy tab, enter the policy
ID and Name. Click
Select the Actor Token Required check box if you want to specify whether the policy requires an actor token as well as a subject token in the token exchange requests from the clients.
- On the Attribute Contract tab, add attributes to the attribute contract as needed. Click Next.
On the Token Processor Mapping tab, map a token
processor to each subject token type or each combination of subject token type
and actor token type:
Click the Map New Token Processor button.
The Token Processor Mapping window opens.
- On the Token Types tab, from the Subject Token Processor list, select the instance.
- In the Subject Token Type field, enter the identifier.
- If an actor token processor is required, from the Actor Token Processorlist, select the instance.
- In the Actor Token Type field, enter the identifier. Click Next.
- On the Attribute Sources & User Lookup tab, add additional attribute sources for contract fulfillment as needed. Click Next.
- On the Contract Fulfillment tab, select the Source and Value for each attribute. Click Next.
- On the Issuance Criteria tab, specify conditions that attributes must satisfy for PingFederate to exchange the token. Click Next.
On the Summary tab, review the token processor
mapping. Click Done.
PingFederate returns you to the Token Exchange Processor Policy window.
- Click the Map New Token Processor button.
On Summary tab, review the policy. Click
The Token Exchange Processor Policy Management window opens.
- If you want to make the new token exchange processor policy the default policy, click Set as Default on the corresponding row in the table.
- Click Save.