CoreBlox

Configuring the SP token generator

This section describes how to configure the CoreBlox SP Token Generator.

Steps

  1. Sign on to the PingFederate admin console. In the SP Configuration section, click Token Generators.

  2. On the Manage Token Generator Instances page, click Create New Instance.

  3. On the Type tab:

    1. In the Instance Name field, enter a name of your choice for the token generator instance.

    2. In the Instance ID field, enter a unique identifier for the token generator instance.

      The Instance ID is used internally. It can't contain spaces or non-alphanumeric characters, and it must be unique.

  4. In the Type list, select CoreBlox Token Generator <version>. Click Next.

  5. On the SP Adapter page, click Add a new row to 'Protected Resource Mapping Table' and enter the following information into the table:

    Protected resource mapping table fields

    | Field | Description |
    |---|---|
    | Auth Context | The attribute containing authentication context. The name of this attribute needs to be specified in the Context Attribute Name advanced field in step 7 if you're using advanced fields in your configuration. |
    | Attribute Filter | The names and values of attributes that the assertion must contain for this protected resource. |
    | Protected Resource | The protected resource to be accessed if the authentication context and attribute filters in the assertion match the provided values. |

    1. Click Update in the Action column.

      Repeat step 5 as necessary.

  6. On the Instance Configuration tab, complete the following fields:

    Standard fields

    | Field | Description |
    |---|---|
    | CoreBlox URL | The URL for the CoreBlox Token Service (CTS). |
    | Validate CoreBlox Certificate Hostname | If selected, the hostname of the server certificate presented by the CTS must match the hostname of the CoreBlox URL. |
    | Client Certificate | The certificate used for authentication calls to the CTS. |
    | CoreBlox Tokentype | The tokentype to be returned from the CTS. The only permissible value is SMSESSION. This is also the default value. |
    | Base64 Decode The Token | If selected, the token the CTS returns will be base64-decoded. This prevents the token from being encoded twice. |

  7. (Optional) Click Show Advanced Fields to specify the token generator's authorization configuration settings.

    Advanced fields

    | Field | Description |
    |---|---|
    | Context Attribute Name | The name of the attribute containing the Auth Context used for mapping protected resources. This value is required if Perform Authorize Request is selected and the Protected Resource Mapping Table isn't empty. |
    | Perform Authorize Request | If selected, the adapter will make an authorize request to the CTS before accessing the protected resource. The following three fields are required for the adapter to make the authorize request. |
    | Resource | The resource that is protected by the agent. |
    | Instance | Refers to the name of the agent instance. |
    | Action | The action to take when evaluating requests against the policy server. |

  8. Click Next.

  9. (Optional) On the Extended Contract tab, configure additional attributes for the Token Generator.

    Any attributes configured in this step are added to the request header.

  10. Click Next.

  11. On the Summary screen, verify that everything is correct, then click Done.

  12. On the Manage Token Generator Instances page, click Save.
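
The field rules in steps 3, 6, and 7 can be checked before the values are entered in the console. The following is an added example, not PingFederate or CoreBlox code: the dictionary keys simply reuse the field labels on this page and aren't an export or API schema, and the sample values are constructed.

```python
import re

def lint_token_generator(cfg, existing_ids=()):
    """Check one instance's settings against the rules stated in the steps above."""
    findings = []
    inst_id = cfg.get("Instance ID", "")
    # Assumption: "alphanumeric" means ASCII letters and digits.
    if not re.fullmatch(r"[A-Za-z0-9]+", inst_id):
        findings.append("Instance ID must be alphanumeric with no spaces")
    if inst_id in existing_ids:
        findings.append("Instance ID is already in use")
    if cfg.get("CoreBlox Tokentype", "SMSESSION") != "SMSESSION":
        findings.append("CoreBlox Tokentype must be SMSESSION")
    # Assumption: a missing key is treated as "not selected".
    if not cfg.get("Validate CoreBlox Certificate Hostname", False):
        findings.append("warning: CTS certificate hostname is not checked against the CoreBlox URL")
    if cfg.get("Perform Authorize Request", False):
        for field in ("Resource", "Instance", "Action"):
            if not cfg.get(field):
                findings.append(f"{field} is required when Perform Authorize Request is selected")
        if cfg.get("Protected Resource Mapping Table") and not cfg.get("Context Attribute Name"):
            findings.append("Context Attribute Name is required when the mapping table isn't empty")
    return findings

# Constructed sample settings (hypothetical values, not from a real deployment).
GOOD = {
    "Instance ID": "corebloxSpGen",
    "Validate CoreBlox Certificate Hostname": True,
    "CoreBlox Tokentype": "SMSESSION",
    "Perform Authorize Request": True,
    "Resource": "/app/", "Instance": "agent1", "Action": "GET",
    "Context Attribute Name": "authnContext",
    "Protected Resource Mapping Table": [
        {"Auth Context": "password", "Attribute Filter": "group=staff",
         "Protected Resource": "/app/"}],
}
BAD = dict(GOOD, **{
    "Instance ID": "coreblox sp-gen",                  # space and hyphen
    "Validate CoreBlox Certificate Hostname": False,   # hostname check off
    "CoreBlox Tokentype": "OTHER",                     # not SMSESSION
    "Instance": "",                                    # required for authorize
    "Context Attribute Name": "",                      # required with mapping rows
})

if __name__ == "__main__":
    for name, cfg in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, lint_token_generator(cfg) or "no findings")
```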