This section describes how to install and configure the OpenToken Token Processor for PingFederate acting as an IdP.

  1. Copy the pf-opentoken-token-translator-<version>.jar file from the deploy directory of this distribution to the <pf-install>/pingfederate/server/default/deploy directory of your PingFederate server installation.
    Note: If you have a previous version of the OpenToken Token Translator file installed, delete it from the above location and replace it with the version referenced.

  2. Log on to the PingFederate administrative console and click Token Processors under IdP Configuration on the main menu.

    If you do not see Token Processors on the main menu, enable WS-Trust by going to the Roles & Protocols screen under Server Settings and selecting WS-Trust for the IdP Role.

    Note: To enable token exchange, you may be prompted to provide SAML 1.x and SAML 2.0 federation identifiers for the STS on the Federation Info screen. Refer to the Federation Info screen’s Help page for more information.

  3. On the Manage Token Processor Instances tab, click Create New Instance.
  4. On the Type tab, enter an Instance Name and Instance ID, and select OpenToken Token Processor as the Type.
  5. Click Next.
  6. On the Instance Configuration screen, enter a strong password for generating the encryption key.
  7. Click Show Advanced Fields to set other encryption and validation options.
    For more information, see the screen description column.
  8. Click Next.
  9. On the Actions screen, click Download and then Export to save the agent-config.txt file.
    The WSC application that generates the OpenToken will need this information.
  10. Click Next.
  11. On the Extended Contract tab, add any attributes that you want to map into the SAML assertion, in addition to the subject.
  12. Click Next.
  13. (Optional) On the Token Attributes screen, select any or all attributes whose values should be masked in PingFederate log files.
    Additionally, you can select Mask all OGNL-expression generated log values.
  14. Click Next.
  15. On the Summary tab, verify that the information is correct and click Done.
  16. On the Manage Token Processor Instances screen, click Save.
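
A post-install check for steps 1 and 9, added here as an example and not part of the product documentation. It assumes a POSIX shell on the PingFederate host and that the exported agent-config.txt carries the key-generating password from step 6, so it should be readable only by its owner; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not vendor code). Function names are hypothetical.

# Step 1: succeed only when exactly one translator JAR is deployed.
# Each match is printed so a leftover older version can be identified.
check_single_translator_jar() {
    deploy_dir=$1
    count=0
    for jar in "$deploy_dir"/pf-opentoken-token-translator-*.jar; do
        [ -f "$jar" ] || continue   # an unmatched glob stays literal
        count=$((count + 1))
        printf '%s\n' "$jar"
    done
    [ "$count" -eq 1 ]
}

# Step 9: succeed only when the exported file is a regular file (not a
# symlink) with no permission bits set for group or other.
# Assumption: the file holds the password entered in step 6.
check_agent_config_perms() {
    cfg=$1
    if [ ! -f "$cfg" ] || [ -L "$cfg" ]; then
        return 1
    fi
    mode=$(ls -ld "$cfg" | cut -c1-10)   # mode string, e.g. -rw-------
    case $mode in
        -???------) return 0 ;;
        *) return 1 ;;
    esac
}

# Usage: sh <this-script> <deploy-dir> <path-to-agent-config.txt>
if [ "$#" -eq 2 ]; then
    rc=0
    check_single_translator_jar "$1" ||
        { echo "FAIL: expected exactly one translator JAR in $1" >&2; rc=1; }
    check_agent_config_perms "$2" ||
        { echo "FAIL: $2 is missing, a symlink, or open to group/other" >&2; rc=1; }
    exit "$rc"
fi
```

Run it after step 16 and again after each upgrade, since a second JAR left in the deploy directory is the condition the note in step 1 warns about.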