Why does a PingFederate IdP connection require a SP adapter?


I have read the PingFederate documentation and it says:

An SP adapter is used to create a local-application session for a user in order for PingFederate® to provide SSO access to your applications or other protected resources. You must configure at least one instance of an SP adapter in order to set up connections to IdP partners. You can also configure multiple instances of adapters (based on one or more adapters) to accommodate the varying needs of your IdP partners.

But I don't understand why the IdP connection requires a SP adapter? Why is it required and what does it really do?

In my use case I use PingFederate as an OAuth server and authenticate the users via SP-initiated SSO to external IdPs, and then in the OAuth Attribute Mapping of the connection I map the assertion attributes directly into the persistent grant. Why does this not suffice? I don't understand the need for the SP adapter. How and who is intended to reference the adapter more than the IdP connection itself?


Solution

  • You're absolutely right, in some cases (like yours) an SP adapter is unnecessary.

    Under your IdP Connection, under Browser SSO > User-Session Creation > Identity Mapping there is an option for "No Mapping" which will avoid having to map into an SP adapter. For more details see: https://support.pingidentity.com/s/document-item?bundleId=pingfederate-93&topicId=uql1564003010611.html

    The "No Mapping" option was introduced in PingFederate 8.1, so if you're on an earlier release it may not be available. In that case a "dummy" SP adapter should be mapped into your connection (even though it may not be used).