Product Documentation >   >  PingFederate 6.6 >  SDK Developer's Guide >  Implementation Guidelines >  Token Generator Implementation
PingFederate 6.6
Token Generator Implementation

You create a token-generator implementation by implementing the TokenGenerator interface. The Java packages needed, at a minimum, for implementing this interface are:

  • org.sourceid.saml20.adapter.sp.authn
  • org.sourceid.saml20.adapter.gui
  • org.sourceid.saml20.adapter.conf
  • org.sourceid.wstrust.model
  • org.sourceid.wstrust.plugin
  • org.sourceid.wstrust.plugin.process
  • com.pingidentity.sdk

For each token-generator implementation, you must define the following:

  • UI Configuration Descriptor
  • Configuration Retrieval
  • Token Generation
Token Generator UI Configuration Descriptor
PluginDescriptor getPluginDescriptor()

Deploying your token generator requires configuration of a token-generator instance in the PingFederate administrative console. The TokenGenerator interface includes a getPluginDescriptor() method (inherited from DescribablePlugin) which returns an PluginDescriptor. Your token-generator implementation populates the PluginDescriptor with FieldDescriptors presented as UI controls to the administrator through the PingFederate administrative console.

The api-usage-example for an SP adapter provided with the SDK shows how to use most of the configuration FieldDescriptors, data Validators, and Actions. These implementations generally apply to token-generator implementations as well.

Token Generator Configuration Retrieval
void configure(Configuration configuration)

During processing of a STS transaction, a token-generator instance must reference its configuration as set by the administrator in the PingFederate UI. The TokenGenerator.configure() method (inherited from ConfigurablePlugin) provides access to this data. During transaction processing, PingFederate calls this method and passes in a Configuration object. The Configuration object provides access to the configuration values.

The api-usage-example SP adapter provided with the SDK shows how to use the configure() method to retrieve an adapter-instance configuration. Once your implementation captures the configuration values, the token instance can use them during token processing or generation.

Token Generation
SecurityToken generateToken(TokenContext attributeContext)

PingFederate optionally invokes the generateToken() method during the processing of an STS request to perform necessary operations for generation of a security token. Type BinarySecurityToken is available and may be used to represent custom security tokens that can be transported as Base64-encoded data. The TokenContext contains subject data available for insertion into the generated security token.