CoreBlox

Configuring the SP token generator

About this task

This section describes how to configure the CoreBlox SP Token Generator.

Steps

  1. Log on to the PingFederate administrative console and click Token Generators under SP Configuration on the Main Menu.

  2. On the Manage Token Generator Instances screen, click Create New Instance.

  3. On the Type screen, enter an Instance Name and Instance Id. The Instance Name is any name you choose for identifying this Token Generator Instance.

    The Instance Id is used internally. It must be unique and may not contain spaces or non-alphanumeric characters.

  4. Select CoreBlox Token Generator X.0 as the Type and click Next.

  5. On the SP Adapter screen, click Add a new row to ‘Protected Resource Mapping Table’ and enter the following information in the table:

    | Field | Description |
    | --- | --- |
    | Auth Context | The attribute containing authentication context. The name of this attribute needs to be specified below as Auth Context Attribute Name. |
    | Attribute Filter | The names and values of attributes that the assertion must contain for this Protected Resource. |
    | Protected Resource | The protected resource to be accessed if the Authentication Context and Attribute Filters in the assertion match the provided values. |

  6. Click Update in the Action column. Repeat this step as needed.

  7. Provide entries on the Instance Configuration screen, as described in the table below:

    | Field | Description |
    | --- | --- |
    | CoreBlox URL | The URL for the CTS. |
    | Validate CoreBlox Certificate Hostname | If checked, the hostname of the server certificate presented by the CTS must match the hostname of the CoreBlox URL. |
    | Client Certificate | The certificate used for authentication calls to the CTS. |
    | CoreBlox Tokentype | The tokentype to be returned from the CTS. At time of writing, the only permissible value is SMSESSION. |
    | Base64 Decode The Token | If checked, the token returned from the CTS will be base64-decoded. This prevents the token from being encoded twice. |

  8. Optional: Click Show Advanced Fields to specify the Token Processor’s authorization configuration settings.

    | Field | Description |
    | --- | --- |
    | Context Attribute Name | (Optional) Attribute Name containing Authentication Context used for mapping protected resource. This value is required if Perform Authorize Request is checked and the Protected Resource Mapping Table is not empty. |
    | Perform Authorize Request | If checked, the adapter will make an authorize request to the CTS before accessing the protected resource. The following three fields, Resource, Instance, and Action are required for the adapter to make the authorize request. |
    | Resource | The resource that is protected by the agent. |
    | Instance | Refers to the name of the agent instance. |
    | Action | The action to take when evaluating requests against the policy server. |

  9. Click Next.

  10. Optional: On the Extended Contract screen for a connection, configure additional attributes for the Token Generator. Any attributes configured in this step are added to the request header.

  11. Click Next.

  12. On the Summary screen, verify that the information is correct and click Done.

  13. On the Manage Token Generator Instances screen, click Save to complete the Token Generator configuration.