For web service client (WSC) STS clients, PingFederate provides built-in protocol support for Windows Identity Foundation (WIF) applications based on the Windows Communication Foundation (WCF) framework.

Note: The WIF framework includes WS-* protocol support and can interact natively with PingFederate.

Client SDK

The STS Java client SDK provides interfaces that create the WS-Trust Request Security Token (RST) and Request Security Token Response (RSTR) messaging to interact with the PingFederate STS endpoints. Using the SDK library, applications are not responsible for forming these WS-Trust protocol messages, and instead interact only with the tokens themselves.

The SDK is available for download on the Ping Identity Downloads website.

Windows Identity Foundation clients

PingFederate natively supports STS clients using claims-based WIF technology. Claims-based federated identity for web services is a part of the WS-Trust standard that permits client applications to make access-policy decisions, when specifically categorized user attributes are sent in the security token. For more information, see Attribute contracts.

The PingFederate STS supports the following bindings in the .NET federated-security scenarios with WS-Trust:

  • WSFederationHttpBinding
  • WS2007FederationHttpBinding

Additionally, the PingFederate STS supports the following bindings for RST and RSTR interactions with .NET. Support for these bindings is limited to the Username, x509, SAML 1.1, and SAML 2.0 token types:

  • WSHttpBinding
  • WS2007HttpBinding
    Note: For token types such as Kerberos, where customizing default bindings might be necessary, the PingFederate STS supports the use of customBinding.

    For more information about bindings, see Microsoft's System-Provided Bindings.

To expedite configuring their applications, PingFederate provides metadata for developers. PingFederate offers two varieties of metadata, which work together to arrive at functional WSC and web service provider (WSP) configurations:

  • STS Metadata Exchange, which contains connection details relating to the SP partner. See the /pf/sts_mex.ping section in System-services endpoints.
  • Federation Metadata, which contains details on the PingFederate public signing certificate and other information required to establish the trust relationship. See the /pf/federation_metadata.ping section in System-services endpoints.

For more information about claim-based federated identity, see Microsoft's A Guide to Claims–based Identity and Access Control.