You can configure PingFederate to require that client applications provide
credentials to access the security token service (STS).

Although it is an optional configuration, configuring STS authentication is
recommended for identity provider (IdP) configurations that use the Username
Token Processor. For other token processors and token generators, trust in the
identity of the client is conveyed within the token itself and verified as part
of processing. You can still configure authentication requirements to add
another layer of security by limiting access to only authenticated clients.

Note:
You can configure STS authentication either to apply globally, to all token
formats and all IdP and service provider (SP) partner connections or
token-to-token mappings, or, using more fine-grained controls, at the
connection level through issuance criteria.