Configuring an OAuth assertion grant IdP connection - PingFederate - 10.3

PingFederate Server

bundle
pingfederate-103
ft:publication_title
PingFederate Server
Product_Version_ce
PingFederate 10.3
category
Product
pf-103
pingfederate
ContentType_ce

An OAuth assertion grant connection exchanges a SAML assertion or a JSON web token (JWT) for an OAuth access token with the PingFederate OAuth authorization server.

You can configure an OAuth assertion grant connection with an identity provider (IdP) partner either in conjunction with browser-based single sign-on (SSO), WS-Trust, or independently.

For more information, see Security Assertion Markup Language (SAML) 2.0 Profile for OAuth 2.0 Client Authentication and Authorization Grants and JSON Web Token (JWT) Profile for OAuth 2.0 Client Authentication and Authorization Grants.

  1. Go to Authentication > Integration > IdP Connections and then click Create Connection.
  2. On the Connection Type tab, select the OAuth Assertion Grant check box.
    Tip:

    You can also select other options, such as the Browser SSO Profiles check box. If you do, you will be prompted to complete the required configuration. This topic only focuses on the OAuth Assertion Grant configuration.

  3. On the General Info tab, enter the required information.
  4. On the OAuth Assertion Grant Attribute Mapping tab, click Configure OAuth Assertion Grant Attribute Mapping.