Documentation
Configuring the service provider
- Create the service provider following the normal steps.
- Go to the "Local and Outbound Authentication" configuration.
- Select "Advanced Authentication".
- Select and configure more than one authentication step. Each step can be either local or federated. You can configure a multi-option step too.
- Click on "Authentication Script" to expand the script editor.
Configuring steps based on request parameters
e.g. Use ACR from the authentication request to determine the level of assurance
- Prerequisites: configure three steps in the step configuration.
- Here we use the "Authentication Context Class Reference" (ACR) from OpenID Connect.
- Fails the authentication if the ACR is not present.
```js
function onInitialRequest(context) {
    // ACR value sent by the client in the authentication request
    var acr = context.acr;
    switch (acr) {
        case "level0": executeStep({id: '1'}); return;
        case "level1": executeStep({id: '1'}); executeStep({id: '2'}); return;
        case "level3": executeStep({id: '1'}); executeStep({id: '2'}); executeStep({id: '3'}); return;
        // Missing or unrecognized ACR: fail the authentication
        default: fail(); return;
    }
}
```
Configuring steps based on result of the first step
e.g.
Execute an additional authentication step if the user has a role "admin".
```js
function onInitialRequest(context) {
    executeStep({
        id: '1',
        on: {
            success: function (context) {
                // Decide on extra steps only after step 1 has authenticated the user
                var isAdmin = hasRole(context, 'admin');
                Log.info("--------------- Has Admin " + isAdmin);
                if (isAdmin) {
                    executeStep({id: '2'});
                    executeStep({id: '3'});
                }
            }
        }
    });
}
```
Using HTTP context to change authentication behavior
e.g.
Show the second factor when the user comes from a browser which is not seen previously.
We use a cookie to identify the browser in this situation.
```js
function onInitialRequest(context) {
    executeStep({
        id: '1',
        on: {
            success: function (context) {
                if (context.request.cookies.testcookie) {
                    // Cookie present: browser was seen before, so step 2 is skipped
                    log.info("--------------- cookie testcookie found in request.");
                    log.info("--------------- cookie testcookie.value: " + context.request.cookies.testcookie.value);
                    log.info("--------------- cookie testcookie.domain: " + context.request.cookies.testcookie.domain);
                    log.info("--------------- cookie testcookie.max-age: " + context.request.cookies.testcookie["max-age"]);
                    log.info("--------------- cookie testcookie.path: " + context.request.cookies.testcookie.path);
                    log.info("--------------- cookie testcookie.secure: " + context.request.cookies.testcookie.secure);
                    log.info("--------------- cookie testcookie.version: " + context.request.cookies.testcookie.version);
                    log.info("--------------- cookie testcookie.httpOnly: " + context.request.cookies.testcookie.httpOnly);
                } else {
                    // Cookie absent: ask for the second factor, then mark this browser
                    executeStep({
                        id: '2',
                        on: {
                            success: function (context) {
                                log.info("--------------- setting cookie : testcookie");
                                context.response.headers["Set-Cookie"] = "testcookie=1FD36B269C61; Path=/; Secure; HttpOnly; Expires=Wed, 21 Jan 2018 07:28:00 GMT";
                            }
                        }
                    });
                }
            }
        }
    });
}
```
from carbon-identity-framework.
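The cookie script above skips step 2 whenever a cookie named testcookie is present and always sets the same fixed value, so the cookie proves nothing about the browser or the user. As an added example (stand-alone Node.js, not part of the original comment or of carbon-identity-framework; the cookie name, key handling and 30-day lifetime are assumptions), the value can be bound to the user and an expiry with an HMAC and verified before the second factor is skipped:

```javascript
// Added example: HMAC-signed "known browser" cookie. All names are hypothetical.
const crypto = require("crypto");

const COOKIE_NAME = "knownDevice";           // hypothetical cookie name
const MAX_AGE_SECONDS = 30 * 24 * 60 * 60;   // assumed 30-day lifetime

function sign(key, payload) {
  return crypto.createHmac("sha256", key).update(payload).digest("hex");
}

// Value format: hex(username) "." expiryEpochSeconds "." hex(HMAC-SHA256)
function issueDeviceCookie(key, username, nowSeconds) {
  const payload = Buffer.from(username, "utf8").toString("hex") +
    "." + (nowSeconds + MAX_AGE_SECONDS);
  return payload + "." + sign(key, payload);
}

// True only if the value was issued with our key, for this user, and is unexpired.
function isKnownDevice(key, cookieValue, username, nowSeconds) {
  if (typeof cookieValue !== "string") return false;
  const parts = cookieValue.split(".");
  if (parts.length !== 3) return false;
  const [userHex, expiry, mac] = parts;
  const expected = Buffer.from(sign(key, userHex + "." + expiry));
  const given = Buffer.from(mac);
  // Constant-time comparison; lengths must match before timingSafeEqual
  if (given.length !== expected.length) return false;
  if (!crypto.timingSafeEqual(given, expected)) return false;
  if (Buffer.from(userHex, "hex").toString("utf8") !== username) return false;
  return /^\d+$/.test(expiry) && Number(expiry) > nowSeconds;
}

// Step 2 is required unless a valid cookie for this user is presented.
function needsSecondFactor(key, cookies, username, nowSeconds) {
  return !isKnownDevice(key, cookies[COOKIE_NAME], username, nowSeconds);
}

// Header to send after step 2 succeeds.
function setCookieHeader(value) {
  return COOKIE_NAME + "=" + value +
    "; Path=/; Secure; HttpOnly; SameSite=Lax; Max-Age=" + MAX_AGE_SECONDS;
}

// Constructed demo values; a real key would come from a secret store.
const demoKey = crypto.randomBytes(32);
const demoNow = Math.floor(Date.now() / 1000);
const demoCookie = issueDeviceCookie(demoKey, "alice", demoNow);
console.log(setCookieHeader(demoCookie));
console.log("second factor needed:", needsSecondFactor(demoKey, { [COOKIE_NAME]: demoCookie }, "alice", demoNow));
```

The signing key has to stay on the server side and be rotated like any other secret; rotating it invalidates every issued cookie, which forces the second factor again on all browsers.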