CoreBlox Token Service

CoreBlox Token Service (CTS) makes it straightforward to establish the Symantec SiteMinder Policy Server as the master decision maker so that there is no confusion over how inter-application transactions should be handled. CTS is flexible, lightweight, and available for a maintenance-only subscription. No custom coding is required for deployment.

The CoreBlox Token Service (CTS) is a Java REST Web Service that gives you a convenient, secure, and reliable way to exchange tokens between Symantec SiteMinder (formerly ‘CA Single Sign-On’) and PingFederate.

CTS interacts with CA Site Minder Policy Servers. It behaves as a full-featured web agent, talking to multiple policy servers. It supports round robin and failover communication.

CTS can be deployed in two different architectures to interoperate with PingFederate: the PingFederate Jetty Instance or the Standalone configuration. In both cases, CTS works with PingFederate’s CoreBlox Token Adapters to do support these functions:

Use Case 1

User authenticates to a CA SSO/SiteMinder resource. New or existing SMSESSION Tokens can then be exchanged for access to a PingFederate protected application, with no additional challenges, allowing single sign-on to both platforms.

Use Case 2

User starts at PingFederate and accesses SP Adapter for access to a Symantec SiteMinder application. The Ping Identity CoreBlox Integration Kit provides CTS trusted information about the user and generates an SMSESSION based on this information. Now the user has valid sessions and can work seamlessly across both platforms.


CoreBlox Token Service can be deployed in one of the two scenarios above, depending on your requirements and infrastructure layout of CA SiteMinder and Ping Federate.

You can talk to multiple CA SSO instances (B2E, B2B, B2C) from a single PingFederate infrastructure, using multiple Standalone instances of CTS on the same server. In addition to basic trust and token exchange, there are also specific customizations which allow identifying attributes to be exchanged for additional authorization enforcement or content delivery in both directions.

New call-to-action
New call-to-action