Page created: 15 Jul 2020 |
Page updated: 29 Jan 2021
Token generators provide a mechanism through which PingFederate can generate a local token based upon an incoming SAML token, including mapping user attributes to be included in the generated token. A configured and deployed token generator in PingFederate is known as a token generator instance.
Map one or more token generator instances into an identity provider (IdP) connection to satisfy different token requirements by the web services at your site. The same token generator instances can be mapped in multiple connections.
When token generator instances are restricted to certain virtual server IDs, the allowed IDs are displayed under Virtual Server IDs.
- Go to .
Click Configure WS-Trust STS.
The WS-Trust STS configuration window opens.
On the Protocol Settings tab, from the Request
Processing Options list, select Validate Incoming SAML
Token and Local Issue Token. Click Next.
This will add a Token Generation tab.
On the Token Generation tab, click Configure
The Token Generation configuration window opens.
On the Token Generator Mapping & User Lookuptab, click
Map New Token Generator Instance to open the
Token Generator Mapping & User Lookup configuration
- To map a token generator instance, click Map New Token Generator Instance.
- To edit the mapping configuration of a token generator instance, on the Token Generator Instance tab, click Manage Token Generator to open the Token Generators window. Click the token generator instance in the Instance Name section to open the configuration summary for this token generator instance. Select the setting that you want to reconfigure, and complete the change by clicking Done.
- To remove a token generator instance or cancel the removal request, click Delete followed by Save or Undelete.
- If you are creating a new connection and you are finished with mapping configuration, click Done. If you are editing an existing configuration and want to keep your changes, click Save.