I have read the PingFederate documentation and it says:
An SP adapter is used to create a local-application session for a user in order for PingFederate® to provide SSO access to your applications or other protected resources. You must configure at least one instance of an SP adapter in order to set up connections to IdP partners. You can also configure multiple instances of adapters (based on one or more adapters) to accommodate the varying needs of your IdP partners.
But I don't understand why the IdP connection requires a SP adapter? Why is it required and what does it really do?
In my use case I use PingFederate as an OAuth server and authenticates the users via SP-initiated SSO to external IDPs and then in the OAuth Attribute Mapping of the connection I map the Assertion attributes directly into the persistent grant. Why does not this suffice, I dont understand the need for the SP adapter? How and who is intended to reference the adapter more that the IdP connection itself?
