Field descriptions for the CoreBlox SP Adapter configuration screen.
| Field Name | Description |
|---|---|
| Validate CoreBlox Certificate Hostname |
The hostname of the server certificate presented by the CoreBlox Token Service must match the hostname in the CoreBlox URL field. This check box is selected by default. |
| Client Certificate |
The certificate that the adapter uses to authentication calls to the CoreBlox Token Service. |
| CoreBlox TokenType |
The token type that the CoreBlox Token Service is configured to provide to the adapter. The default and only value is |
| Cookie Name |
The name of the cookie that contains the token used with the CoreBlox Token Service. This field is blank by default. |
| Cookie Domain |
The domain name that the adapter uses when creating cookies. The browser compares this value to the domain of subsequent requests to determine whether the cookie should be submitted. If this field is blank, the adapter uses the domain name of the request.
When sharing cookie across sub-domains, this value must be prefixed with a
period ( This field is blank by default. |
| Cookie Path |
The path that the adapter uses when creating cookies. The browser compares this value to the path of subsequent requests to determine whether the cookie should be submitted. The default value is |
| Cookie Secure Flag |
The adapter writes cookies with the Secure flag. The browser only submits Secure cookies on subsequence HTTPS requests. This check box is selected by default. |
| CoreBlox URL |
The URL for the CoreBlox Token Service. This field is blank by default. |
| Error URL |
When an error occurs in the adapter, PingFederate redirects the browser to
this URL instead of the default error page. This URL can contain query
parameters. The URL has an This field is blank by default. |
| Logged-Out Cookie Value |
The expected value of the cookie when the user has been signed off. The default value is |
| HTTP Only Flag |
When selected, the adapter sets a flag for the cookie. The flag indicates that the cookie should only be read via http requests and disallows Javascript from accessing the cookie. This check box is selected by default. |
| Account Link URL |
The URL to redirect the user to for account linking. This field is blank by default. |
| Field Name | Description |
|---|---|
| Resource |
The resource that is protected by the agent. This field is required if Perform Authorize Request is selected. This field is blank by default. |
| Instance |
Refers to the name of the agent instance. This field is required if Perform Authorize Request is selected. This field is blank by default. |
| Action |
The action to take when evaluating requests against the policy server. This field is required if Perform Authorize Request is selected. This field is blank by default. |
| PingFederate Base URL |
The base URL for PingFederate, such as
The adapter uses this value to create the return URL Cookie Provider URL to create the return URL. Complete this field if you are using a cookie provider to enable single sign-on (SSO) across multiple domains. This field is blank by default. |
| Cookie Provider URL |
The URL of the cookie provider. PingFederate redirects the request to this URL if the session cookie is in a separate domain. Complete this field if you are using a cookie provider to enable single sign-on (SSO) across multiple domains. This field is blank by default. |
| Cookie Provider Target Parameter |
The name of parameter that contains the PingFederate return URL in the redirect to the cookie provider. Complete this field if you are using a cookie provider to enable single sign-on (SSO) across multiple domains. This field is blank by default. |
| Session Cookie Prefix |
The prefix to remove when Remove Session Cookie Prefix is selected. Complete this field if you are using a cookie provider to enable single sign-on (SSO) across multiple domains. When using a cookie provider to enable SSO across multiple domains, tokens are prepended with the security zone name. This field works with the Remove Session Cookie Prefix setting to remove the security name prefix and allow the adapter to process the token. Enter the SSOZoneName from your Agent Configuration Object (ACO)
surrounded by This field is blank by default. |
| Remove Session Cookie Prefix |
The adapter removes the Session Cookie Prefix from the beginning of the session cookie. Select this check box if you are using a cookie provider to enable single sign-on (SSO) across multiple domains. This check box is cleared by default. |
| Disable Refresh Session Cookie |
The adapter does not refresh session cookies when validating them. This allows other dependent applications to manage the session cookie. This check box is cleared by default. |
| Perform Authorize Request |
The adapter makes an authorize request to the CoreBlox Token Service before accessing the protected resource. This check box is cleared by default. |
| Send Extended Attributes |
The method that the adapter uses to send extended attributes. |
| Send Session Attributes |
Includes the attribute contract as session attributes in the call to the CoreBlox Token Service. The default selection is |
| OpenToken Transfer Method |
The method that the adapter uses to transport the OpenToken. The default selection is |
| OpenToken Name |
The name of the cookie or request attribute that contains the OpenToken. This name should be unique for each adapter instance. |
| OpenToken Password |
The password that the adapter uses when encrypting extended attributes. |
| Send Session Attributes |
When selected, the adapter includes the attribute contract as session attributes in the call to the CoreBlox Token Service. This check box is cleared by default. |
| Ignore Session Cookie |
When selected, the adapter ignores any existing session cookie on the request and creates a new one. This check box is cleared by default. |