The Token Processor allows the STS to accept and validate an X.509 token from a Web Service Client (WSC) and then map user attributes into a SAML token for the WSC to send to a Web Service Provider (WSP).


Ping Identity provides the Java Client SDK to allow Web Service applications (Client or Provider) to interact with the PingFederate STS. The SDK is available for download from the PingFederate server add-ons page.

The X.509 Token Processor uses the PingFederate security infrastructure for certificate validation and management. PingFederate validates the trust of all certificates. A certificate is trusted if the root certificate of the issuing Certificate Authority (CA) is imported into the PingFederate trusted certificate store or the CA is trusted by the Java Runtime Environment (JRE) in use.

Intended audience

This document is intended for PingFederate administrators.

If you need help during the setup process, see the following resources:

System requirements

  • PingFederate 6.0 or higher