Page created: 24 Jul 2019
|
Page updated: 8 Feb 2022
The following steps describe a basic WS-Trust Security Token Service (STS) scenario in which PingFederate validates an X.509 token and issues a SAML token.
- A WSC sends a Request Security Token (RST) message containing an X.509 token to the PingFederate STS IdP endpoint.
- The PingFederate X.509 Token Processor validates the X.509 token and, if valid, maps attributes from the X.509 token into a SAML token. PingFederate issues the SAML token based upon the SP connection configuration and embeds the token in a Request Security Token Response (RSTR) which is returned to the WSC.
- The WSC binds the issued SAML token into a Web Service Security (WSSE) header and sends this through a SOAP request to the Web Service Provider (WSP).