Configuring a CoreBlox SP Adapter instance
Configure the CoreBlox SP Adapter to determine how PingFederate communicates with your service provider (SP) application.
Steps
1. In the PingFederate admin console, go to Applications > Integration > SP Adapters. Click Create New Instance.
2. On the Type tab, set the basic adapter instance attributes.
   a. In the Instance Name field, enter a name for the adapter instance.
   b. In the Instance ID field, enter a unique identifier for the adapter instance.
   c. In the Type list, select CoreBlox SP Adapter. Click Next.
3. (Optional) On the Instance Configuration tab, in the Protected Resource Mapping Table section, define conditions that the SAML assertion has to meet for the user to get access to a protected resource.
   The CoreBlox Token Service allows you to grant permissions to specific realms in specific domains by defining the resource, instance, and action fields. These values are defined in your CTS Agent Config Object (ACO) settings.
   Learn more in the CoreBlox Token Service Install and Configuration Guide included in the CoreBlox Token Service download.
   a. Click Add a new row to 'Protected Resource Mapping Table'.
   b. In the Auth Context field, enter the authentication context that has to exist in the SAML assertion, such as Password or MobileTwoFactorContract.
      You can find the complete list of authentication contexts in the Authentication Context for the OASIS Security Assertion Markup Language (SAML) 2.0 [PDF] in the OASIS Open documentation.
   c. (Optional) In the Attribute Filter field, enter an attribute that has to exist in the assertion, such as ${organization}='WidgetCo'.
      You can use AND and OR operators to include multiple attributes or create simple rules. For example, ${organization}='WidgetCo' OR ${organization}='WidgetCoLtd'.
   d. In the Resource field, enter the name of the resource that the user can access when the assertion meets the Auth Context and Attribute Filter conditions.
      For example, /partner_application/partner_landing.html.
   e. In the Instance field, enter the value of the AgentName parameter associated with the default CTS Agent Config Object.
      For example, partner_site_agent.
   f. In the Action field, enter the action, such as GET, POST, or PUT.
   g. In the Action column, click Update.
   h. To add more attributes, repeat steps a - g.
4. On the Instance Configuration tab, configure the adapter instance by referring to CoreBlox SP Adapter settings reference. Click Next.
5. (Optional) On the Actions tab, if you set Send Extended Attributes to OpenToken, click Download, and then click Export. Save agent-config.txt.
   You can use this file to decode the OpenToken token that contains the extended attributes.
6. On the Extended Contract tab, add any attributes that you expect to retrieve other than the SAML subject. Click Next.
7. On the Target App Info tab, enter the basic information about your SP application. Click Next.
8. On the Summary tab, click Save.
9. Create an IdP connection using this CoreBlox SP Adapter instance.
   Learn more in the Service provider SSO configuration in the PingFederate documentation.
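
The rows of the Protected Resource Mapping Table described in the steps above can be checked offline against sample assertions before you save the instance. The following Python sketch is an added example, not code from PingFederate or CoreBlox: it models a row as this page describes it, and it assumes exact string comparison, single-valued attributes, and AND binding tighter than OR. The function names and sample rows are hypothetical.

```python
import re

# Constructed rows using the column names and example values from this page.
LANDING = "/partner_application/partner_landing.html"
ROWS = [
    {"auth_context": "Password", "instance": "partner_site_agent",
     "filter": "${organization}='WidgetCo' OR ${organization}='WidgetCoLtd'",
     "resource": LANDING, "action": "GET"},
    {"auth_context": "MobileTwoFactorContract", "instance": "partner_site_agent",
     "filter": "", "resource": LANDING, "action": "POST"},  # no Attribute Filter
]

# One token: a ${name}='value' term, or an AND/OR operator.
_TOKEN = re.compile(r"\s*(?:\$\{(\w+)\}\s*=\s*'([^']*)'|(AND|OR)\b)")

def filter_matches(expr, attrs):
    """Evaluate an Attribute Filter against assertion attributes.
    Assumptions: exact string comparison, AND binds tighter than OR,
    and an empty filter (the field is optional) matches every assertion."""
    expr = expr.strip()
    if not expr:
        return True
    pos, earlier_clause, clause, want_term = 0, False, True, True
    while pos < len(expr):
        m = _TOKEN.match(expr, pos)
        if not m or (m.group(3) is None) != want_term:
            raise ValueError(f"cannot parse filter at offset {pos}: {expr!r}")
        if want_term:
            clause = clause and attrs.get(m.group(1)) == m.group(2)
        elif m.group(3) == "OR":  # close the current AND-clause, start a new one
            earlier_clause, clause = earlier_clause or clause, True
        pos, want_term = m.end(), not want_term
    if want_term:
        raise ValueError(f"filter ends with an operator: {expr!r}")
    return earlier_clause or clause

def granted(rows, auth_context, attrs):
    """(resource, instance, action) for each row this assertion satisfies."""
    return [(r["resource"], r["instance"], r["action"]) for r in rows
            if r["auth_context"] == auth_context
            and filter_matches(r["filter"], attrs)]

def unfiltered_rows(rows):
    """Rows gated by Auth Context alone; review these before saving."""
    return [r for r in rows if not r["filter"].strip()]
```

Any row returned by unfiltered_rows grants its resource to every assertion that carries the matching authentication context, so confirm that each such row is intended.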