CoreBlox

Configuring the IdP token processor

This section describes how to configure the CoreBlox Token Processor.

Steps

  1. Sign on to the PingFederate admin console and click Token Processors under IdP Configuration on the main menu.

    If you don’t see Token Processors on the main menu, enable WS-Trust under Server Settings on the Roles and Protocols screen by selecting WS-Trust for the IdP role.

  2. On the Manage Token Processor Instances page, click Create New Instance.

  3. On the Type tab:

    1. In the Instance Name field, enter a name of your choice for the token processor instance.

    2. In the Instance ID field, enter a unique identifier for the token processor instance.

      The Instance ID is used internally. It must be unique, and it can’t contain spaces or non-alphanumeric characters.

  4. In the Type list, select CoreBlox Token Processor. Click Next.

  5. On the Instance Configuration page, complete the following fields:

    Standard fields

    Field | Description
    CoreBlox URL | The base URL for CTS requests.
    Validate CoreBlox Certificate Hostname | If selected, the hostname of the server certificate presented by the CTS must match the hostname of the CoreBlox URL.
    Client Certificate | The certificate used for authentication calls to the CTS.
    CoreBlox Tokentype | The tokentype to be returned from the CTS. The only permissible value is SMSESSION. This is also the default value.

  6. (Optional) Click Show Advanced Fields to specify the token processor’s authorization configuration settings.

    Advanced fields

    Field | Description
    Perform Authorize Request | If selected, the token processor makes an authorize request to the CTS before accessing the protected resource. The following three fields are required for the adapter to make the authorize request.
    Resource | The resource that the agent protects.
    Instance | Refers to the name of the agent instance.
    Action | The action to take when evaluating requests against the policy server.

  7. Click Next.

  8. (Optional) On the Extended Contract tab, configure additional attributes for the adapter.

    Learn more about key concepts in the Administrator’s reference guide in the PingFederate documentation.

  9. Click Next.

  10. On the Token Attributes page, select the Pseudonym checkbox for the userId attribute.

    You can also select this checkbox for any extended attributes specified on the Extended Contract tab.

    Learn more in Setting pseudonym and masking options in the PingFederate documentation.

  11. Click Next.

  12. On the Summary tab, verify that everything is correct, then click Done.

  13. On the Manage Token Processor Instances page, click Save to complete the token generator configuration.
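
The following pre-flight check is an added example, not part of the vendor documentation or the product: it tests planned values for the fields above, including whether the CTS certificate's DNS names cover the host in the CoreBlox URL, before you enter them in the console. The dictionary keys, the sample values, and the https requirement are assumptions, and the hostname matching is a conservative general TLS rule, not PingFederate's own implementation.

```python
import re
from urllib.parse import urlsplit

def san_matches(host, pattern):
    """Conservative TLS name match: '*' may only stand for the whole leftmost label."""
    host, pattern = host.lower().rstrip("."), pattern.lower().rstrip(".")
    if not pattern.startswith("*."):
        return host == pattern
    head, _, rest = host.partition(".")
    # Reject wildcards directly under a single-label suffix (for example "*.com").
    return bool(head) and rest == pattern[2:] and "." in rest

def preflight(cfg, cert_dns_names):
    """Return a list of findings for planned Instance Configuration values."""
    findings = []
    if not re.fullmatch(r"[A-Za-z0-9]+", cfg.get("instance_id", "")):
        findings.append("Instance ID must be alphanumeric with no spaces")
    url = urlsplit(cfg.get("coreblox_url", ""))
    host = url.hostname or ""
    if url.scheme != "https":  # assumption: client-certificate auth implies TLS
        findings.append("CoreBlox URL is not https")
    if not cfg.get("validate_hostname"):
        findings.append("hostname validation is off: CTS certificate name is not checked")
    elif not any(san_matches(host, name) for name in cert_dns_names):
        findings.append(f"CTS certificate does not cover host {host!r}")
    if cfg.get("tokentype", "SMSESSION") != "SMSESSION":
        findings.append("CoreBlox Tokentype must be SMSESSION")
    if cfg.get("perform_authorize"):
        for field in ("resource", "instance", "action"):
            if not cfg.get(field):
                findings.append(f"authorize request needs the {field.capitalize()} field")
    return findings

# Constructed sample values (hypothetical key names), not from a real deployment.
SAMPLE = {
    "instance_id": "coreblox tp",
    "coreblox_url": "https://cts.example.com:8443/coreblox",
    "validate_hostname": True,
    "tokentype": "SMSESSION",
    "perform_authorize": True,
    "resource": "/app/", "instance": "", "action": "GET",
}
SAMPLE_CERT_NAMES = ["*.corp.example.com", "cts-internal"]

if __name__ == "__main__":
    for finding in preflight(SAMPLE, SAMPLE_CERT_NAMES):
        print("-", finding)
```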