Reputation: 21
How to perform token exchange from Entra ID to a Ping token?
Newbie on Pingfederate.
I have a use case where I need an Entra ID Access Token to be exchanged for a Pingfederate Accesses Token with the same claims, so that the application protected by Entra ID can call an API protected by Ping.
Can anyone provide some guidance on how to configure this? There is very little documentation on what to do.
https://docs.pingidentity.com/pingfederate/latest/administrators_reference_guide/pf_config_oauth_token_exchange.html
I have tried to follow the documentation by setting up:
- token processor using JWT Token processor 2.0, adding Entra ID issuer and an audience guid
- token generator
- processor policy
- token generator mapping
When trying to perform the exchange (using Postman), I'm getting an error that a client ID is missing. Why do I need a Ping client ID? I thought the whole point of token exchange was that Ping trusted Entra ID and would facilitate the exchange without a client credentials login? Otherwise my client app needs to manage 2 registrations (Entra ID and Ping). I don't see client_id listed under token exchange on this page: https://docs.pingidentity.com/pingfederate/latest/developers_reference_guide/pf_oauth_grant_type_param.html
Upvotes: 1
Views: 47
Answers (0)
Related Questions
- How to get SAML Response from Ping Federate Service provider to local server?
- Authenticate Angular Application to Web Api with Existing SSO using Ping Federate
- How to get Information from ping federate open Token
- OAuth client credential grant and token introspection with Ping
- How to generate open token?
- Logging from Ping Federate
- How to configure a Service Provider in Ping Federate
- Open Token expiration in Ping federate
- How to retrieve attributes from LDAP in ping federate?