To process the token exchange, you will get the user's security token and make a REST call to PingOne SSO for SaaS Apps to initiate the token exchange.
It is important that you always get and exchange the user token, even if the user already has an active session. This ensures that the proper token exchange occurs. A token will be valid for five minutes or until it is exchanged. The token exchange is a one-time only REST call. After the exchange, the token expires and any subsequent calls using this token return HTTP 404.
Note: Ping Identity periodically deprecates obsolete
TLS protocols and cipher suites. To stay compatible with these changes, you should
ensure that your platform stays within its support life cycle. For example, a Java
application should use a Java version that is currently supported by the Java
vendor.