The following illustration displays a basic Web Services scenario using the PingFederate WS Trust STS in the role of both IdP and SP:

Processing Steps

  1. A WSC sends a Request Security Token (RST) message containing a WAM session token to the PingFederate STS IdP endpoint.
  2. The PingFederate WAM Token Processor extracts, decrypts, parses, and validates the WAM session token. If the WAM session token is valid, PingFederate maps attributes from the WAM session token into a SAML token. PingFederate issues the SAML token based on the SP connection configuration and embeds the token in a Request Security Token Response (RSTR), which is returned to the WSC.
  3. The WSC binds the issued SAML token into a Web Services Security (WSS) header and sends it via a SOAP request to the WSP.
  4. The WSP sends an RST Issue request containing the SAML token to the PingFederate STS SP endpoint. PingFederate validates the SAML token and, if valid, maps attributes from the SAML token into a WAM session. PingFederate issues the WAM session token based on the WAM Token Generator configuration and embeds the token in an RSTR, which is returned to the WSP.
  5. The WSP receives the WAM session token in the RSTR for local domain processing.