CoreBlox

CoreBlox IdP Adapter settings reference

Field descriptions for the CoreBlox IdP Adapter configuration screen.

Standard fields
Field Name Description

CoreBlox URL

The URL for the CoreBlox Token Service.

This field is blank by default.

Validate CoreBlox Certificate Hostname

The hostname of the server certificate presented by the CoreBlox Token Service must match the hostname in the CoreBlox URL field.

This checkbox is selected by default.

Client Certificate

The certificate that the adapter uses to authentication calls to the CoreBlox Token Service.

CoreBlox TokenType

The token type that the CoreBlox Token Service is configured to provide to the adapter.

The default and only value is SMSESSION.

Cookie Name

The name of the cookie that contains the token used with the CoreBlox Token Service.

This field is blank by default.

Cookie Domain

The domain name that the adapter uses when creating cookies. The browser compares this value to the domain of subsequent requests to determine whether the cookie should be submitted.

If this field is blank, the adapter uses the domain name of the request. When sharing cookie across subdomains, this value must be prefixed with a period (.).

This field is blank by default.

Cookie Path

The path that the adapter uses when creating cookies. The browser compares this value to the path of subsequent requests to determine whether the cookie should be submitted.

The default value is /.

Cookie Secure Flag

The adapter writes cookies with the Secure flag. The browser only submits Secure cookies on subsequent HTTPS requests.

This checkbox is selected by default.

Error URL

When an error occurs in the adapter, PingFederate redirects the browser to this URL instead of to the default error page. This URL can contain query parameters. The URL has an errorMessage appended to it, which contains a brief description of the error that has occurred.

This field is blank by default.

Logged-Out Cookie Value

The expected value of the cookie when the user has been signed off.

The default value is LOGGEDOFF.

HTTP Only Flag

The adapter sets a flag for the cookie. The flag indicates that the cookie should only be read through HTTP requests and disallows Javascript from accessing the cookie.

This checkbox is selected by default.

Login URL

An optional URL for the authentication service.

If the cookie isn’t found in the request, PingFederate redirects the request to this URL along with the relative resume path.

This field is blank by default.

Authentication Context

This can be any value agreed upon with your SP partner that indicates how the user was authenticated. The value is included in the SAML assertion.

This field is blank by default.
Advanced fields
Field Name Description

Perform Authorize Request

The adapter makes an authorize request to the CoreBlox Token Service before accessing the protected resource.

This checkbox is cleared by default.

Resource

The resource that is protected by the agent.

This field is required if Perform Authorize Request is selected.

This field is blank by default.

Instance

Refers to the name of the agent instance.

This field is required if Perform Authorize Request is selected.

This field is blank by default.

Action

The action to take when evaluating requests against the policy server.

This field is required if Perform Authorize Request is selected.

This field is blank by default.

PingFederate Base URL

The base URL for PingFederate, such as https://pf_host:pf_port/.

The adapter uses this value to create the return URL Cookie Provider URL to create the return URL.

Complete this field if you’re using a cookie provider to enable single sign-on (SSO) across multiple domains.

This field is blank by default.

Cookie Provider URL

The URL of the cookie provider. PingFederate redirects the request to this URL if the session cookie is in a separate domain.

Complete this field if you’re using a cookie provider to enable SSO across multiple domains.

This field is blank by default.

Cookie Provider Target Parameter

The name of parameter that contains the PingFederate return URL in the redirect to the cookie provider.

Complete this field if you’re using a cookie provider to enable SSO across multiple domains.

This field is blank by default.

Session Cookie Prefix

The prefix to remove when Remove Session Cookie Prefix is selected.

Complete this field if you’re using a cookie provider to enable SSO across multiple domains.

When using a cookie provider to enable SSO across multiple domains, tokens are prepended with the security zone name. This field works with the Remove Session Cookie Prefix setting to remove the security name prefix and to allow the adapter to process the token.

Enter the SSOZoneName from your Agent Configuration Object (ACO) surrounded by -. For the default security zone name, enter -SM-.

This field is blank by default.

Remove Session Cookie Prefix

The adapter removes the Session Cookie Prefix from the beginning of the session cookie.

Select this check box if you’re using a cookie provider to enable SSO across multiple domains.

This checkbox is cleared by default.

Disable Refresh Session Cookie

The adapter doesn’t refresh session cookies when validating them. This allows other dependent applications to manage the session cookie.

This checkbox is cleared by default.