Configuring OAuth token exchange - PingFederate - 10.3

PingFederate Server

bundle
pingfederate-103
ft:publication_title
PingFederate Server
Product_Version_ce
PingFederate 10.3
category
Product
pf-103
pingfederate
ContentType_ce

Configuring the OAuth authorization server to support OAuth token exchange involves configuring token exchange processor policies, token generator instances and token exchange generator groups, access token manager instances, and OAuth clients.

To configure OAuth token exchange, see the included topic links to perform the necessary steps.

  1. Define token exchange processor policies to handle incoming token exchange requests. See Defining token exchange processor policies.
  2. If you need token generator instances to generate the requested tokens, complete the following tasks.
    1. Configure the token generator instances. See Managing token generators.
    2. Create token exchange generator groups. See Creating token exchange generator groups.
    3. Map the attributes from the token exchange processor policies to the attributes from the token generator instances. See Mapping token exchange attributes to token generator attributes.
  3. Access token managers to generate the requested tokens.
    1. Configure the access token manager instances. See Managing access token management instances.
    2. Map the attributes from the token exchange processor policies to the attributes from the access token manager instances. See Mapping token exchange attributes to access token manager attributes.
  4. Enable token exchange in the OAuth clients that will send the token exchange requests to the authorization server. See Enabling token exchange in OAuth clients.