OIDCUidOneTouch
Warning
This authenticator is a legacy authenticator. It is recommended to plan for migrating the authenticator to the new protocol agnostic authenticator architecture. More information about the legacy authenticators can be found here.
Note
This authenticator is DEPRECATED. Please setup a SAML Identity Provider with the corresponding authentication method. Connect your OpenID Connect Provider to the SAML IdP using the scenario OIDC->SAML Identity Provider (internal or external).
Used when authenticating using username & One Touch.
Properties
| Name | Description | Default value | Mandatory |
|---|---|---|---|
| pipeID | The id of the pipe validating username & passwor | N/A | Yes |
| loginTemplate | Name of the template file presenting the enduser UI entering credentials | ot_login.template | No |
| userNameParamName | Parameter containing the username | username | No |
| serviceName | Name of the service shown in the One touch assignment | PhenixID | No |
| notify | Should push be used. Note that push must be enabled on server level in orde for this to work | true | No |
| pollingTemplate | Template used when polling for status of the pending One Touch authentication | onetouchpoll.template | No |
| clientTemplate | Template rendering the assignment sent to One Touch client | ot_auth_template | No |
| ot_push_message | Message shown on the client when using push | login.assignment.client.message.ot_push_message | No |
| useSessionManagement | Whether or not to return session_state | false | No |
Example Configuration
{
"alias": "OIDCUidOneTouch",
"name": "OIDCUidOneTouch",
"configuration": {
"pipeID": "authPipe"
}
]
}
}
Configuring consent
To use consent, two parts needs to be configured. The authenticator in use and the authentication pipe.
Two consent parameters must be configured on the authenticator.
Secondly an additional valve, OIDCConsentDataValve, must be configured with the data the user will be asked to approve being sent. The format and available rules of the consent data can be found on the documentation page for the OIDCConsentDataValve.
Requirements
One Touch enabled on the system and at least one active profile on the user trying to authenticate.
When using consent, a session must be available and the OIDCConsentDataValve must be placed before the SessionPersistValve in the pipe.
The data must be fetched prior to OIDCConsentDataValve with for example LDAPSearchValve.