AgnosticDispatcher
Note
Used to set up access rules for different authentication possibilities. Based on incoming data, the dispatcher selects the appropriate authenticator and routes the user to it.
The first authenticator with a matching expression will be selected.
Properties
| Name | Description | Default value | Mandatory |
|---|---|---|---|
| mapping | An array of mapping rules used to determine which authenticator should handle the incoming request. Matching rules consist of JavaScript expressions. | N/A | Yes |
Available data to dispatch on
The following data is available:
- Request (request.getParameter("myparameter", "defaultvalue"))
- Session (session.properties().getValueOrDefault("mysessionproperty", "mydefaultvalue"))
- Item -- only if used within a SequenceAuthenticator or when using a pre-authenticator pipe -- (item.getPropertyValue('itemproperty',''))
- Context (context.property) -- the following properties are available in Context:
  - requestIssuer (in SAML, this will be the EntityID of the Service Provider issuing the AuthnRequest; in OIDC, this will be the client_id parameter)
  - protocol (SAML / OIDC / INTERNAL)
  - requestedAuthenticationContext (list of requested authentication contexts from the SAML or OIDC request)
  - loginHint (the OIDC login_hint parameter)
  - bindingIsHok (SAML parameter -- is the holder-of-key binding selected for the request?)
  - signMessage (SAML parameter -- the SignMessage of the AuthnRequest)
  - isSignRequest (shorthand for 'does signMessage have a value?')
  - metaAttributes -- a map of key-value pairs available for this SSO Group. Set by successfully executed authenticators if configured, read more on how to set it here.
  - scope (a list of the authorized OIDC scopes)
Example Configuration
{
  "alias": "dispatch",
  "name": "AgnosticDispatcher",
  "configuration": {
    "mapping": [
      {
        "expression": "context.metaAttributes.getOrDefault('SomeAttribute','').equals('SomeValue')",
        "authenticator": "auth99"
      },
      {
        "expression": "context.bindingIsHok",
        "authenticator": "auth1"
      },
      {
        "expression": "!request.getParameter('remoteAddress').startsWith('192.168.1')",
        "authenticator": "auth2"
      },
      {
        "expression": "context.requestIssuer.equals('myIssuerId')",
        "authenticator": "auth3"
      },
      {
        "expression": "context.requestedAuthenticationContext.contains('myacrvalue1')",
        "authenticator": "auth4"
      },
      {
        "expression": "true",
        "authenticator": "mydefaultauthenticator"
      }
    ]
  }
}
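Because the first matching rule wins, rule order and the exact text of each expression decide which authenticator a request reaches. The following JavaScript is an added example, not part of the product or its documentation: it statically checks a mapping array for rules shadowed by an early "true" rule, a missing default rule, and IP prefixes compared as plain strings. The function name lintMapping and its finding codes are hypothetical.

```javascript
// Added example: lintMapping and the finding codes are hypothetical names, not product API.
// Matches startsWith('<1-3 dotted octets>') where the prefix does not end in a dot.
const OPEN_IP_PREFIX = /startsWith\(\s*['"](\d{1,3}(?:\.\d{1,3}){0,2})['"]\s*\)/g;

function lintMapping(mapping) {
  const findings = [];
  mapping.forEach((rule, i) => {
    const expr = rule.expression.trim();
    // First match wins, so a constant-true rule shadows every rule after it.
    if (expr === 'true' && i < mapping.length - 1) {
      findings.push({ code: 'UNREACHABLE_AFTER_CATCH_ALL', index: i,
        detail: `${mapping.length - 1 - i} later rule(s) can never be selected` });
    }
    // A textual prefix such as '192.168.1' also matches 192.168.10.x and 192.168.123.x.
    for (const m of expr.matchAll(OPEN_IP_PREFIX)) {
      findings.push({ code: 'OPEN_IP_PREFIX', index: i,
        detail: `'${m[1]}' is not octet-aligned; compare against '${m[1]}.'` });
    }
  });
  const last = mapping[mapping.length - 1];
  if (!last || last.expression.trim() !== 'true') {
    findings.push({ code: 'NO_DEFAULT_RULE', index: mapping.length - 1,
      detail: 'last rule is not a constant "true" default' });
  }
  return findings;
}

// The mapping from the example configuration on this page.
const pageMapping = [
  { expression: "context.metaAttributes.getOrDefault('SomeAttribute','').equals('SomeValue')", authenticator: 'auth99' },
  { expression: "context.bindingIsHok", authenticator: 'auth1' },
  { expression: "!request.getParameter('remoteAddress').startsWith('192.168.1')", authenticator: 'auth2' },
  { expression: "context.requestIssuer.equals('myIssuerId')", authenticator: 'auth3' },
  { expression: "context.requestedAuthenticationContext.contains('myacrvalue1')", authenticator: 'auth4' },
  { expression: "true", authenticator: 'mydefaultauthenticator' },
];
// Constructed variant: the default rule moved to the front of the list.
const misordered = [pageMapping[5], ...pageMapping.slice(0, 5)];

console.log(lintMapping(pageMapping));
console.log(lintMapping(misordered));
```

On the page's own mapping the only finding is the string prefix in the remoteAddress rule; the constructed variant additionally reports the shadowed rules and the missing default.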
Requirements
One or more protocol agnostic authenticators configured.