With the CoreBlox Integration Kit, PingFederate allows the identity provider (IdP) to access user attributes from the CoreBlox Token Service (CTS).
The following figure illustrates an IdP-initiated single sign-on (SSO) scenario in which PingFederate generates an assertion using a CoreBlox IdP Adapter session cookie.
- A user initiates an SSO transaction by authenticating with the IdP.
- The login service authenticates the user with the CoreBlox Token Service (CTS).
- The IdP sets a session cookie in the browser and redirects the browser to PingFederate.
- PingFederate uses the session cookie to query the CTS for user attributes associated with the session. The CTS returns the user attributes.
- The adapter wraps the user attributes in an assertion. PingFederate redirects the browser to the service provider with the assertion.