Overview of the IdP SSO flow
With the CoreBlox Integration Kit, PingFederate allows the identity provider (IdP) to access user attributes from the CoreBlox Token Service (CTS).
The following figure illustrates an IdP-initiated single sign-on (SSO) scenario in which PingFederate generates an assertion using a CoreBlox IdP Adapter session cookie.
Description
- A user initiates an SSO transaction by authenticating with the IdP.
- The login service authenticates the user with the CoreBlox Token Service (CTS).
- The IdP sets a session cookie in the browser and redirects the browser to PingFederate.
- PingFederate uses the session cookie to query the CTS for user attributes associated with the session. The CTS returns the user attributes.
- The adapter wraps the user attributes in an assertion. PingFederate redirects the browser to the service provider with the assertion.
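
The steps above, modelled as an added example (not code from this documentation, CoreBlox, or PingFederate), showing that the browser only carries an opaque cookie and that an unknown or expired cookie produces no assertion. All names (TokenService, idp_login, build_assertion), the session TTL, and the sample directory are hypothetical, and the assertion is a plain dictionary rather than a signed SAML assertion.

```python
import secrets
import time

class TokenService:
    """Hypothetical stand-in for the CTS: maps opaque tokens to user attributes."""
    def __init__(self, ttl_seconds=300):           # TTL is an assumption of this model
        self._sessions = {}
        self._ttl = ttl_seconds

    def authenticate(self, user, password, directory):
        # Step 2: the login service authenticates the user with the token service.
        record = directory.get(user)
        if record is None or not secrets.compare_digest(
                record["password"].encode(), password.encode()):
            return None
        token = secrets.token_urlsafe(32)          # opaque: carries no attributes
        self._sessions[token] = (record["attributes"], time.time() + self._ttl)
        return token

    def attributes_for(self, token, now=None):
        # Step 4: lookup made by PingFederate with the cookie value it received.
        entry = self._sessions.get(token)
        if entry is None:
            return None                            # unknown or forged token
        attributes, expires = entry
        if (time.time() if now is None else now) >= expires:
            del self._sessions[token]              # expired sessions are dropped
            return None
        return dict(attributes)

def idp_login(cts, user, password, directory):
    # Steps 1-3: authenticate, then set the session cookie and redirect.
    token = cts.authenticate(user, password, directory)
    return {"cookie": token, "redirect": "pingfederate"} if token else None

def build_assertion(cts, cookie, now=None):
    # Steps 4-5: resolve the cookie, then wrap the attributes in an assertion.
    attributes = cts.attributes_for(cookie, now) if cookie else None
    if attributes is None:
        return None                                # no valid session, no assertion
    return {"subject": attributes["uid"], "attributes": attributes}

# Constructed sample directory (plaintext password only because this is a toy model).
DIRECTORY = {"alice": {"password": "correct horse",
                       "attributes": {"uid": "alice", "group": "finance"}}}
```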