This section describes how to configure the CoreBlox Token Processor.

  1. Log-on to the PingFederate administrative console and click Token Processors under IdP Configuration on the main menu.
    Note: If you do not see Token Processors on the Main Menu, enable WS-Trust under Server Settings on the Roles and Protocols screen by selecting WS-Trust for the IdP role.
  2. On the Manage Token Processor Instances screen, click Create New Instance.
  3. On the Type screen, enter an Instance Name and Instance Id. The Instance Name is any name you choose for identifying this Token Processor instance.
    Note: The Instance Id is used internally and may not contain any spaces or non-alphanumeric characters and must be uniquely named.
  4. Select CoreBlox Token Processor as the Type and click Next.
  5. Fill in the Instance Configuration screen as follows:
    Field Description
    CoreBlox URL The base URL for CTS requests.
    Validate CoreBlox Certificate Hostname If checked, the hostname of the server certificate presented by the CTS must match the hostname of the CoreBlox URL.
    Client Certificate The certificate used for authentication calls to the CTS.
    CoreBlox Tokentype

    The tokentype to be returned from the CTS.

    Note: At time of writing, the only permissible and default value is SMSESSION.
  6. Optional: Click Show Advanced Fields to specify the Token Processor’s authorization configuration settings.
    Field Description
    Perform Authorize Request

    If checked, the Token Processor will make an authorize request to the CTS before accessing the protected resource.

    Note: The following three fields are required for the adapter to make the authorize request.
    Resource The resource that is protected by the agent.
    Instance Refers to the name of the agent instance.
    Action The action to take when evaluating requests against the policy server.
  7. Click Next.
  8. Optional: on the Extended Contract screen, configure additional attributes for the adapter (See Key Concepts in the PingFederate Administrator’s Manual).
  9. Click Next.
  10. On the Token Attributes screen, select the Pseudonym checkbox for the userId attribute. You may select any extended attribute specified on the previous screen.

    For more information about this screen, see Setting Pseudonym Values and Masking in the PingFederate Administrator’s Manual.

  11. Click Next.
  12. On the Summary screen, verify that the information is correct and click Done.
  13. On the Manage Token Processor Instances screen, click Save to complete the Token Generator configuration.