Page created: 24 Jul 2019 |
Page updated: 8 Feb 2022
This section describes how to configure the CoreBlox SP Token Generator.
- Log on to the PingFederate administrative console and click Token Generators under SP Configuration on the Main Menu.
- On the Manage Token Generator Instances screen, click Create New Instance.
On the Type screen, enter an Instance Name and Instance
Id. The Instance Name is any name you choose for identifying this Token
Note: The Instance Id is used internally and may not contain any spaces or non-alphanumeric characters and must be uniquely named.
- Select CoreBlox Token Generator X.0 as the Type and click Next.
On the SP Adapter screen, click
Add a new row to ‘Protected Resource Mapping Table’
and provide the following information into the table:
Field Description Auth Context The attribute containing authentication context. The name of this attribute needs to be specified below as Auth Context Attribute Name. Attribute Filter The names and values of attributes that the assertion must contain for this Protected Resource.a Protected Resource The protected resource to be accessed if the Authentication Context and Attribute Filters in the assertion match the provided values.
- Click Update in the Action column. Repeat this step as needed.
Provide entries on the Instance Configuration screen, as described in the table below:
Field Description CoreBlox URL The URL for the CTS. Validate CoreBlox Certificate Hostname If checked, the hostname of the server certificate presented by the CTS must match the hostname of the CoreBlox URL. Client Certificate The certificate used for authentication calls to the CTS. CoreBlox Tokentype
The tokentype to be returned from the CTS.Note: At time of writing, the only permissible value is
Base64 Decode The Token If checked, the token returned from the CTS will be base64-decoded. This prevents the token from being encoded twice.
Click Show Advanced Fields to specify the Token Processor’s authorization configuration settings.
Field Description Context Attribute Name (Optional) Attribute Name containing Authentication Context used for mapping protected resource. This value is required if Perform Authorize Request is checked and the Protected Resource Mapping Table is not empty. Perform Authorize Request
If checked, the adapter will make an authorize request to the CTS before accessing the protected resource.Note: The following three fields, Resource, Instance, and Action are required for the adapter to make the authorize request.
Resource The resource that is protected by the agent. Instance Refers to the name of the agent instance. Action The action to take when evaluating requests against the policy server.
- Click Next.
- Optional: On the Extended Contract screen for a connection, configure additional attributes for the Token Generator. Any attributes configured in this step are added to the request header.
- Click Next.
- On the Summary screen, verify that the information is correct and click Done.
- On the Manage Token Generator Instances screen, click Save to complete the Token Generator configuration.