An OAuth assertion grant connection exchanges a SAML assertion or a JSON web token (JWT) for an OAuth access token with the PingFederate OAuth authorization server.
You can configure an OAuth assertion grant connection with an identity provider (IdP) partner either in conjunction with browser-based single sign-on (SSO), WS-Trust, or independently.
For more information, see Security Assertion Markup Language (SAML) 2.0 Profile for OAuth 2.0 Client Authentication and Authorization Grants and JSON Web Token (JWT) Profile for OAuth 2.0 Client Authentication and Authorization Grants.
- Go to Create Connection. and then click
On the Connection Type tab, select the OAuth
Assertion Grant check box.
You can also select other options, such as the Browser SSO Profiles check box. If you do, you will be prompted to complete the required configuration. This topic only focuses on the OAuth Assertion Grant configuration.
- On the General Info tab, enter the required information.
- On the OAuth Assertion Grant Attribute Mapping tab, click Configure OAuth Assertion Grant Attribute Mapping.