CoreBlox

Configuring the IdP token processor

About this task

This section describes how to configure the CoreBlox Token Processor.

Steps

  1. Sign on to the PingFederate administrative console and click Token Processors under IdP Configuration on the main menu.

    If you don’t see Token Processors on the main menu, enable WS-Trust under Server Settings on the Roles and Protocols screen by selecting WS-Trust for the IdP role.

  2. On the Manage Token Processor Instances screen, click Create New Instance.

  3. On the Type screen, enter an Instance Name and Instance ID. The instance name is any name you choose for identifying this token processor instance.

    The Instance ID is used internally and cannot contain any spaces or non-alphanumeric characters. It must be uniquely named.

  4. Select CoreBlox Token Processor as the Type and click Next.

  5. Fill in the Instance Configuration screen as follows:

    Field Description

    CoreBlox URL

    The base URL for CTS requests.

    Validate CoreBlox Certificate Hostname

    If checked, the hostname of the server certificate presented by the CTS must match the hostname of the CoreBlox URL.

    Client Certificate

    The certificate used for authentication calls to the CTS.

    CoreBlox Tokentype

    The tokentype to be returned from the CTS.

    The only permissible and default value is SMSESSION.

  6. Optional: Click Show Advanced Fields to specify the token processor’s authorization configuration settings.

    Field Description

    Perform Authorize Request

    If selected, the token processor will make an authorize request to the CTS before accessing the protected resource.

    The following three fields are required for the adapter to make the authorize request.

    Resource

    The resource that is protected by the agent.

    Instance

    Refers to the name of the agent instance.

    Action

    The action to take when evaluating requests against the policy server.

  7. Click Next.

  8. (Optional) On the Extended Contract screen, configure additional attributes for the adapter. Learn more about key concepts in the PingFederate Administrator’s Reference Guide.

  9. Click Next.

  10. On the Token Attributes screen, select the Pseudonym checkbox for the userId attribute. You can select any extended attribute specified on the previous screen.

    Learn more about this screen in Setting Pseudonym Values and Masking in the PingFederate Administrator’s Reference Guide.

  11. Click Next.

  12. On the Summary screen, verify that the information is correct and click Done.

  13. On the Manage Token Processor Instances screen, click Save to complete the token generator configuration.