Configuring an OAuth assertion grant IdP connection - PingFederate - 11.2

PingFederate Server

bundle
pingfederate-112
ft:publication_title
PingFederate Server
Product_Version_ce
PingFederate 11.2
category
Administrator
Administratorguide
Audience
Capability
ContentType
DeploymentMethod
Guide
Product
Productdocumentation
SingleSignonSSO
Software
SystemAdministrator
pf-112
pingfederate
ContentType_ce
Guide
Guide > Administrator Guide
Product documentation

An OAuth assertion grant connection exchanges a SAML assertion or a JSON web token (JWT) for an OAuth access token with the PingFederate OAuth authorization server.

You can configure an OAuth assertion grant connection with an identity provider (IdP) partner either in conjunction with browser-based single sign-on (SSO), WS-Trust, or independently.

For more information, see Security Assertion Markup Language (SAML) 2.0 Profile for OAuth 2.0 Client Authentication and Authorization Grants and JSON Web Token (JWT) Profile for OAuth 2.0 Client Authentication and Authorization Grants.

  1. Go to Authentication > Integration > IdP Connections and then click Create Connection.
  2. On the Connection Type tab, select the OAuth Assertion Grant check box.
    Tip:

    You can also select other options, such as the Browser SSO Profiles check box. If you do, you will be prompted to complete the required configuration. This topic only focuses on the OAuth Assertion Grant configuration.

  3. On the General Info tab, enter the required information.
  4. On the OAuth Assertion Grant Attribute Mapping tab, click Configure OAuth Assertion Grant Attribute Mapping.