Select whether the STS should validate incoming tokens only or validate and then generate other types of tokens.
  1. Go to Authentication > Integration > IdP Connections.
  2. On the WS-Trust STS tab, click Configure WS-Trust STS.
  3. On the Protocol Settings tab, from the Request Processing Options list, choose one of the following options:
    • To only validate incoming SAML tokens, select Validate Incoming SAML Token.
    • To validate and then also generate local tokens to enable single sign-on (SSO) access to web services at your site, select Validate Incoming SAML Token and Issue Local Token.

    If you choose to generate local tokens as well, you must set up at least one token generator.