Page created: 25 Aug 2020
Page updated: 8 Feb 2022
Configure the CoreBlox SP Adapter to determine how PingFederate communicates with your service provider (SP) application.
- In the PingFederate administrative console, create a new SP adapter instance.
  - For PingFederate 10.1 or later: go to Applications > Integration > SP Adapters. Click Create New Instance.
  - For PingFederate 10.0 or earlier: go to Service Provider > Adapters. Click Create New Instance.
- On the Type tab, set the basic adapter instance attributes.
  - In the Instance Name field, enter a name for the adapter instance.
  - In the Instance ID field, enter a unique identifier for the adapter instance.
  - From the Type list, select CoreBlox SP Adapter. Click Next.
- Optional: On the Instance Configuration tab, in the Protected Resource Mapping Table section, define conditions that the SAML assertion has to meet for the user to get access to a protected resource.
  Note: The CoreBlox Token Service allows you to grant permissions to specific realms in specific domains by defining the resource, instance, and action fields. These values are defined in your CTS Agent Config Object (ACO) settings. For more information, see page 29 of the CoreBlox Token Service Install and Configuration Guide (1.0 v3) [PDF] documentation and page 27 of the CoreBlox Token Service Installation/Configuration (2.2) [PDF] documentation.
  - Click Add a new row to 'Protected Resource Mapping Table'.
  - In the Auth Context field, enter the authentication context that has to exist in the SAML assertion, such as Password or MobileTwoFactorContract.
    For a complete list of authentication contexts, see Authentication Context for the OASIS Security Assertion Markup Language (SAML) 2.0 [PDF] on oasis-open.org.
  - Optional: In the Attribute Filter field, enter an attribute that has to exist in the assertion, such as ${organization}='WidgetCo'.
    Tip: You can use AND and OR operators to include multiple attributes or create simple rules. For example, ${organization}='WidgetCo' OR ${organization}='WidgetCoLtd'.
  - In the Resource field, enter the name of the resource that the user can access when the assertion meets the Auth Context and Attribute Filters conditions. For example, /partner_application/partner_landing.html.
  - In the Instance field, enter the value of the AgentName parameter associated with the default CTS Agent Config Object. For example, partner_site_agent.
  - In the Action field, enter the action, such as GET, POST, or PUT.
  - In the Action column, click Update.
  - To add more attributes, repeat steps a-g.
- On the Instance Configuration tab, configure the adapter instance by referring to CoreBlox SP Adapter settings reference. Click Next.
- Optional: On the Actions tab, if you set Send Extended Attributes to OpenToken, click Download, and then click Export. Save agent-config.txt. You can use this file to decode the OpenToken token that contains the extended attributes.
- On the Extended Contract tab, add any attributes that you expect to retrieve other than the SAML subject. Click Next.
- On the Target App Info tab, enter the basic information about your SP application. Click Next.
- On the Summary tab, check and save your configuration.
  - For PingFederate 10.1 or later: click Save.
  - For PingFederate 10.0 or earlier: click Done. On the Manage SP Adapter Instances tab, click Save.
- Create an IdP connection using this CoreBlox SP Adapter instance. See Service provider SSO configuration in the PingFederate documentation.
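
The Protected Resource Mapping Table step above ties an Auth Context and an optional Attribute Filter to a resource, instance, and action. The following is an added example, not CoreBlox or PingFederate code, that models such rows offline so you can review which assertions a set of rows would admit before entering them. The evaluation rules (exact, case-sensitive comparison, AND binding tighter than OR, no parentheses), the `role` attribute, and the admin resource are assumptions to verify against the adapter's actual behavior.

```python
import re

# Constructed sample rows using the table's columns and the page's example values.
ROWS = [
    {"auth_context": "Password",
     "filter": "${organization}='WidgetCo' OR ${organization}='WidgetCoLtd'",
     "resource": "/partner_application/partner_landing.html",
     "instance": "partner_site_agent", "action": "GET"},
    {"auth_context": "MobileTwoFactorContract",
     "filter": "${organization}='WidgetCo' AND ${role}='admin'",  # 'role' is hypothetical
     "resource": "/partner_application/admin.html",               # hypothetical resource
     "instance": "partner_site_agent", "action": "POST"},
]

# One token is either a ${name}='value' term or an AND/OR operator.
TOKEN = re.compile(r"\s*(?:\$\{(\w+)\}\s*=\s*'([^']*)'|(AND|OR)\b)\s*")

def parse_filter(expr):
    """Parse a filter into OR-groups of (attribute, value) terms.
    Assumption: AND binds tighter than OR and there are no parentheses."""
    expr = expr.strip()
    groups, pos, want_term = [[]], 0, True
    while pos < len(expr):
        m = TOKEN.match(expr, pos)
        if m is None or (m.group(3) is None) != want_term:
            raise ValueError(f"bad filter at offset {pos}: {expr[pos:]!r}")
        if want_term:
            groups[-1].append((m.group(1), m.group(2)))
        elif m.group(3) == "OR":
            groups.append([])
        pos, want_term = m.end(), not want_term
    if expr and want_term:
        raise ValueError("filter ends with an operator")
    return groups if expr else []

def filter_matches(expr, attrs):
    """Empty filter matches (the field is optional); comparison is exact (assumed)."""
    groups = parse_filter(expr)
    return not groups or any(all(attrs.get(a) == v for a, v in g) for g in groups)

def granted(rows, auth_context, attrs):
    """List (resource, instance, action) for rows the assertion would satisfy."""
    return [(r["resource"], r["instance"], r["action"]) for r in rows
            if r["auth_context"] == auth_context and filter_matches(r["filter"], attrs)]
```

Running `granted` over a handful of representative and deliberately non-matching assertions is a quick way to confirm that a row admits only the partners and authentication strength you intended.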