Managing SP token generator mappings - PingFederate - 10.2

PingFederate Server

bundle
pingfederate-102
ft:publication_title
PingFederate Server
Product_Version_ce
PingFederate 10.2
category
Product
pf-102
pingfederate
ContentType_ce

Token generators provide a mechanism through which PingFederate can generate a local token based upon an incoming SAML token, including mapping user attributes to be included in the generated token. A configured and deployed token generator in PingFederate is known as a token generator instance.

In the Token Generator Mapping & User Lookup configuration window, manage service provider (SP) token generator mappings.

Map one or more token generator instances into an identity provider (IdP) connection to satisfy different token requirements by the web services at your site. The same token generator instances can be mapped in multiple connections.

When token generator instances are restricted to certain virtual server IDs, the allowed IDs are displayed under Virtual Server IDs.

  1. Go to Authentication > Integration > IdP Connections > WS-Trust STS.
  2. Click Configure WS-Trust STS.
    The WS-Trust STS configuration window opens.
  3. On the Protocol Settings tab, from the Request Processing Options list, select Validate Incoming SAML Token and Local Issue Token. Click Next.
    This will add a Token Generation tab.
  4. On the Token Generation tab, click Configure Token Generation.
    The Token Generation configuration window opens.
  5. On the Token Generator Mapping & User Lookuptab, click Map New Token Generator Instance to open the Token Generator Mapping & User Lookup configuration window.
    • To map a token generator instance, click Map New Token Generator Instance.
    • To edit the mapping configuration of a token generator instance, on the Token Generator Instance tab, click Manage Token Generator to open the Token Generators window. Click the token generator instance in the Instance Name section to open the configuration summary for this token generator instance. Select the setting that you want to reconfigure, and complete the change by clicking Done.
    • To remove a token generator instance or cancel the removal request, click Delete followed by Save or Undelete.
  6. If you are creating a new connection and you are finished with mapping configuration, click Done. If you are editing an existing configuration and want to keep your changes, click Save.