PostUidPasswordAndOTPSAML
Warning
This authenticator is a legacy authenticator. It is recommended to plan for migrating the authenticator to the new protocol agnostic authenticator architecture. More information about the legacy authenticators can be found here.
Note
Used when authentication is done through uid, pwd and OTP. Either using sending a text to a mobile phone OR using a token generator.
Properties
| Name | Description | Default value | Mandatory |
|---|---|---|---|
| idpID | The iternal identifier of the idp used | N/A | Yes |
| userValidationPipeID | Id of the pipe used to validate UID and password | N/A | Yes |
| otpValidationPipeID | Id of the pipe used to validate the OTP. This pipe will aslo issue the saml assertion. | N/A | Yes |
| samlAuthMethod | What value is set in the AuthnContextClassRef | urn:oasis:names:tc:SAML:2.0:ac:classes:MobileTwoFactorContract | No |
| loginTemplate | UI template used for rendering enduser UI when entering uid and passwor | login | No |
| otp | UI template used for rendering enduser UI when entering otp | otp | No |
| userNameParamName | Parameter where username resides | username | Yes |
| passworParamterName | Parameter where password resides | password | Yes |
| otpParamterName | Parameter where otp resides | otp | Yes |
| useOTPLoggingKey | If used in a username and OTP context set to true in order to get correct event id logged | false | No |
| sendSAMLResponseOnError | Whether or not a SAMLResponse containing an error response should be sent back to the SP upon an internal authentication error. | false | No |
| strictValidation | Whether or not additional validation checks should be made on the SAMLRequest. | false | No |
| resolveSAMLRequestProperties | Whether or not request properties from the SAML AuthnRequest should be resolved before proceeding with the authentication. Typically used at the start of an authentication flow. | false | No |
Example Configuration
{
"alias": "uidpwdotpsaml",
"name": "PostUidPasswordAndOTPSAML",
"configuration": {
"idpID": "idp",
"userValidationPipeID":"authPipe",
"otpValidationPipeID":"validationPipe"
}