The Token Processor allows an Identity Provider (IdP) STS to accept and validate a WAM session token from a Web Service Client (WSC) and then map user attributes into a SAML token for the WSC to send to a Web Service Provider (WSP). The Token Generator allows a Service Provider (SP) STS to issue a WAM session token for a WSP, including mapped attributes from an incoming SAML token.

Important:

The Token Translator is designed to work with WAM products from multiple vendors. A WAM plug-in is required to connect the Token Translator with each third-party system. This kit ships with WAM plug-ins compatible with Oracle Access Manager (OAM) 10g and 11g, and with RSA Access Manager 6.1. A simple software development kit (SDK) is also included to create custom WAM plug-ins for other systems.

If you are creating a WAM plug-in for any third-party product other than OAM and RSA Access Manager, you must complete the tasks in the WAM plug-in SDK README.txt file located in the <token_translator_install_dir>/sdk directory.

Important:

Ping Identity provides an SDK for enabling Web Service applications (Client or Provider) to interact with the PingFederate STS. The SDK is available for download on the PingFederate server add-ons page.

Intended audience

This document is intended for PingFederate administrators.

If you need help during the setup process, see the following resources:

Please consult the WAM documentation tool if you encounter any difficulties in areas not directly associated with PingFederate or the WAM Token Translator.

System requirements

  • PingFederate 6.x or later
  • WAM plug-in for the desired third-party system, built and deployed per the WAM plug-in SDK documentation
  • Associated vendor-supplied libraries to support the WAM plug-in you are using
  • Fully functional WAM plug-ins for OAM and RSA are included in the WAM Token Translator package.
  • Separate third-party Web Agent configured using the WAM server administrative software