Defining token exchange processor policies
To exchange security tokens, the OAuth authorization server needs at least one token exchange processor policy.
Before you begin
Before you define a token exchange processor policy, create the necessary token processor instances. See Managing token processors.
About this task
In the Token Exchange Processor Policy Management window, configure and define a token exchange processor policy.
Steps
-
Go to Applications > Token Exchange > Processor Polices.
-
Click Add Processor Policy.
-
On the Manage Processor Policy tab, enter the policy ID and Name. Click Next.
Select the Actor Token Required checkbox if you want to specify whether the policy requires an actor token as well as a subject token in the token exchange requests from the clients.
-
On the Attribute Contract tab, add attributes to the attribute contract as needed. Click Next.
-
On the Token Processor Mapping tab, map a token processor to each subject token type or each combination of subject token type and actor token type:
-
Click the Map New Token Processor button.
-
On the Token Types tab, from the Subject Token Processor list, select the instance.
-
In the Subject Token Type field, enter the identifier.
-
If an actor token processor is required, from the Actor Token Processorlist, select the instance.
-
In the Actor Token Type field, enter the identifier. Click Next.
-
On the Attribute Sources & User Lookup tab, add additional attribute sources for contract fulfillment as needed. Click Next.
-
On the Contract Fulfillment tab, select the Source and Value for each attribute. Click Next.
-
On the Issuance Criteria tab, specify conditions that attributes must satisfy for PingFederate to exchange the token. Click Next.
-
On the Summary tab, review the token processor mapping. Click Done..
-
-
On Summary tab, review the policy. Click Done.
-
If you want to make the new token exchange processor policy the default policy, click Set as Default on the corresponding row in the table.
-
Click Save.