1. Copy the pf-opentoken-token-translator-<version>.jar file from the dist directory of this distribution to the <pf-install>/pingfederate/server/default/deploy directory of your PingFederate server installation.

    If you have a previous version of the OpenToken Token Translator file installed, please delete it from the above location and replace it with the version referenced.

  2. Log on to the PingFederate administrative console and click Token Generators under SP Configuration on the main menu.

    If you don't see Token Generators on the main menu, enable WS-Trust by going to the Server Settings Roles & Protocols screen and selecting WS-Trust for the SP Role.


    To enable token validation, you may be prompted to provide SAML 1.x and SAML 2.0 federation identifiers for the STS on the Federation Info screen. Refer to the Federation Info screen’s Help page for more information.

  3. On the Manage Token Generator Instances tab, click Create New Instance.
  4. On the Type tab, enter an Instance Name and Instance ID, and select OpenToken Token Generator as the Type.
  5. Click Next.
  6. On the Instance Configuration page, enter in a strong password for generating the encryption key. Optionally, you can click Show Advanced Fields to set other encryption and validation options. Refer to the screen Description column for more information.
  7. Click Next.
  8. On the Actions page, click Download and then Export to save the agent-config.txtfile.
    The WSP application that receives the OpenToken will need this information later.
  9. Click Next.
  10. On the Extended Contract tab, add any attributes that you want to map from the SAML assertion, in addition to the subject.
  11. Click Next.
  12. On the Summary tab, verify that the information is correct and click Done.
  13. On the Manage Token Generator Instances screen, click Save.