Defining token exchange processor policies - PingFederate

Page created: 16 Jul 2021 |

Page updated: 19 Jan 2022

| 2 min read

Product PingFederate 11.0 Configuration Task Type Configuration User task OAuth Standards, specifications, and protocols Software Deployment Method Product documentation Content Type Administrator Audience

To exchange security tokens, the OAuth authorization server needs at least one token exchange processor policy.

Before you define a token exchange processor policy, create the necessary token processor instances. See Managing token processors.

In the Token Exchange Processor Policy Management window, configure and define a token exchange processor policy.

Go to Applications > Token Exchange > Processor Polices to open theToken Exchange Processor Policy Management window.
Click Add Processor Policy.
The Token Exchange Processor Policy window opens.
On the Manage Processor Policy tab, enter the policy ID and Name. Click Next.

Select the Actor Token Required check box if you want to specify whether the policy requires an actor token as well as a subject token in the token exchange requests from the clients.
On the Attribute Contract tab, add attributes to the attribute contract as needed. Click Next.
On the Token Processor Mapping tab, map a token processor to each subject token type or each combination of subject token type and actor token type:
1. Click the Map New Token Processor button.
  The Token Processor Mapping window opens.
2. On the Token Types tab, from the Subject Token Processor list, select the instance.
3. In the Subject Token Type field, enter the identifier.
4. If an actor token processor is required, from the Actor Token Processorlist, select the instance.
5. In the Actor Token Type field, enter the identifier. Click Next.
6. On the Attribute Sources & User Lookup tab, add additional attribute sources for contract fulfillment as needed. Click Next.
7. On the Contract Fulfillment tab, select the Source and Value for each attribute. Click Next.
8. On the Issuance Criteria tab, specify conditions that attributes must satisfy for PingFederate to exchange the token. Click Next.
9. On the Summary tab, review the token processor mapping. Click Done.
  PingFederate returns you to the Token Exchange Processor Policy window.
On Summary tab, review the policy. Click Done.
The Token Exchange Processor Policy Management window opens.
If you want to make the new token exchange processor policy the default policy, click Set as Default on the corresponding row in the table.
Click Save.

Defining token exchange processor policies - PingFederate - 11.0

PingFederate Server