To exchange security tokens, the OAuth authorization server needs at least one token
exchange processor policy.
Before you define a token exchange processor policy, create the
necessary token processor instances. See Managing token processors. In the Token Exchange Processor Policy
Management window, configure and define a token exchange processor
policy.
Go to Applications > Token Exchange > Processor Polices to open theToken Exchange Processor Policy
Management window.
Click Add Processor Policy.
The Token Exchange Processor Policy window opens.
On the Manage Processor Policy tab, enter the policy
ID and Name. Click
Next.
Select the Actor Token Required check box if you want
to specify whether the policy requires an actor token as well as a subject
token in the token exchange requests from the clients.
On the Attribute Contract tab, add attributes to the
attribute contract as needed. Click Next.
On the Token Processor Mapping tab, map a token
processor to each subject token type or each combination of subject token type
and actor token type:
Click the Map New Token Processor button.
The Token Processor Mapping window opens.
On the Token Types tab, from the
Subject Token Processor list, select the
instance.
In the Subject Token Type field, enter the
identifier.
If an actor token processor is required, from the Actor
Token Processorlist, select the instance.
In the Actor Token Type field, enter the
identifier. Click Next.
On the Attribute Sources & User Lookup tab,
add additional attribute sources for contract fulfillment as needed.
Click Next.
On the Contract Fulfillment tab, select the
Source and Value for
each attribute. Click Next.
On the Issuance Criteria tab, specify conditions
that attributes must satisfy for PingFederate to exchange the token.
Click Next.
On the Summary tab, review the token processor
mapping. Click Done.
PingFederate returns you to the Token Exchange Processor
Policy window.
On Summary tab, review the policy. Click
Done.
The Token Exchange Processor Policy Management
window opens.
If you want to make the new token exchange processor policy the default policy,
click Set as Default on
the
corresponding row in the table.