Select whether the STS should validate incoming tokens only or validate and then generate other types of tokens.
  1. Go to Authentication > Integration > IdP Connections.
  2. On the WS-Trust STS tab, click Configure WS-Trust STS.
  3. On the Protocol Settings tab, from the Request Processing Options list, choose one of the following options:
    • To only validate incoming SAML tokens, select Validate Incoming SAML Token.
    • To validate and then also generate local tokens to enable single sign-on (SSO) access to web services at your site, select Validate Incoming SAML Token and Issue Local Token.
    Note:

    If you choose to generate local tokens as well, you must set up at least one token generator.