SAML2Hypr
Warning
This authenticator is a legacy authenticator. Plan to migrate it to the new protocol-agnostic authenticator architecture. More information about the legacy authenticators can be found here.
Authenticate using the Hypr mobile app.
The Hypr authenticator supports one scenario:
- Starting Hypr on the same device or another device by entering a userID.
On successful authentication, the following parameter is added to the request sent to the connected pipe:
- username - The userID
Properties
Name | Description | Default value | Mandatory |
---|---|---|---|
idpID | The internal identifier of the IdP used | N/A | Yes |
pipeID | ID of the pipe to be executed on successful authentication | N/A | Yes |
samlAuthMethod | The value to be set in the AuthnContextClassRef of the SAML assertion | urn:oasis:names:tc:SAML:2.0:ac:classes:XMLDSig | No |
access_token | Access token used to authorize PAS against the Hypr endpoint. | N/A | Yes |
hyprURL | The root URL of the Hypr tenant backend. | N/A | Yes |
loginTemplate | Template used for rendering the user facing UI | hypr.template | No |
templateVariables | Parameters to control the GUI rendering. | N/A | Yes |
appId | The appID for the Hypr tenant. | N/A | Yes |
sendSAMLResponseOnError | Whether or not a SAMLResponse containing an error response should be sent back to the SP upon an internal authentication error. | false | No |
strictValidation | Whether or not additional validation checks should be made on the SAMLRequest. | false | No |
resolveSAMLRequestProperties | Whether or not request properties from the SAML AuthnRequest should be resolved before proceeding with the authentication. Typically used at the start of an authentication flow. | false | No |
Example Configuration
{
  "id": "5826d912-737e-4c5c-bb52-7c3da1d142d1",
  "alias": "hypr",
  "name": "SAML2Hypr",
  "displayName": "Hypr",
  "configuration": {
    "pipeID": "0f80ec8d-9de9-49a9-b9ca-0f256bf2a96c",
    "idpID": "87a7a32e-eeaa-4dc3-80f4-8c91c89f6404",
    "access_token": "xxxxxyyyy-zzzzzwwwwww-faaderd",
    "hyprURL": "https://zyx-pov.gethypr.com/",
    "appId": "app_phenixid_test",
    "loginTemplate": "hypr.template",
    "translation": [
      "hypr.messages.title_starting",
      "hypr.messages.title_current_device",
      "hypr.messages.title_mobile_device",
      "hypr.messages.title_qrcode",
      "hypr.messages.text_starting",
      "hypr.messages.text_current_device",
      "hypr.messages.text_mobile_device",
      "hypr.messages.text_qrcode",
      "hypr.messages.input_personal_number",
      "hypr.messages.button_submit",
      "hypr.messages.button_start_over",
      "hypr.messages.button_start_manually",
      "hypr.messages.info_bankid_link_creation_app",
      "hypr.messages.info_bankid_url_link_redirection_success_app",
      "hypr.messages.info_open_app",
      "hypr.messages.info_rediection_app",
      "hypr.messages.info_verified_app",
      "hypr.messages.info_qrcode_scanned_app",
      "hypr.messages.error_bad_personal_number",
      "hypr.messages.error_cancellation",
      "hypr.messages.error_request",
      "hypr.messages.changeLanguage"
    ],
    "templateVariables": {
      "methods": [
        {
          "title": "hypr.messages.option_label_od",
          "image": "/authenticate/res/images/icons/phenixid.png",
          "data-toggle-action": "OD"
        }
      ]
    }
  },
  "created": "2021-01-20 18:16:31.46"
}
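The linter below is an added example, not PhenixID's or Hypr's code. It checks an authenticator object against the Mandatory column of the Properties table above, and flags a non-HTTPS hyprURL and a strictValidation left at its default. The sample input is constructed, and accepting booleans as either JSON booleans or "true"/"false" strings is an assumption.

```python
import json
from urllib.parse import urlparse

# Mandatory properties, copied from the Properties table on this page.
MANDATORY = ("idpID", "pipeID", "access_token", "hyprURL", "templateVariables", "appId")
# Boolean properties whose documented default is false.
BOOLEANS = ("sendSAMLResponseOnError", "strictValidation", "resolveSAMLRequestProperties")

# Constructed sample (not a real tenant): http:// URL, appId missing,
# strictValidation left at its default.
SAMPLE = json.loads("""
{"name": "SAML2Hypr", "alias": "hypr", "configuration": {
  "pipeID": "PIPE-ID-PLACEHOLDER", "idpID": "IDP-ID-PLACEHOLDER",
  "access_token": "TOKEN-PLACEHOLDER", "hyprURL": "http://hypr.example.test/",
  "templateVariables": {"methods": []}}}
""")


def lint_authenticator(doc):
    """Return (severity, message) findings for one authenticator object."""
    if doc.get("name") != "SAML2Hypr":
        return [("error", "not a SAML2Hypr authenticator")]
    cfg = doc.get("configuration") or {}
    findings = []
    for key in MANDATORY:
        if cfg.get(key) in (None, "", {}, []):
            findings.append(("error", f"mandatory property '{key}' is missing or empty"))
    # access_token authorizes PAS against this endpoint, so require TLS.
    url = urlparse(str(cfg.get("hyprURL") or ""))
    if cfg.get("hyprURL") and (url.scheme != "https" or not url.hostname):
        findings.append(("error", "hyprURL is not an absolute https:// URL"))
    # Assumption: booleans may be JSON booleans or "true"/"false" strings.
    for key in BOOLEANS:
        if str(cfg.get(key, "false")).lower() not in ("true", "false"):
            findings.append(("error", f"'{key}' must be true or false"))
    if str(cfg.get("strictValidation", "false")).lower() != "true":
        findings.append(("review", "strictValidation is off: no additional SAMLRequest checks"))
    return findings


if __name__ == "__main__":
    for severity, message in lint_authenticator(SAMPLE):
        print(f"{severity}: {message}")
```

Run it against exported authenticator objects before deployment; a "review" finding marks a documented default that should be a deliberate choice rather than an oversight.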
Requirements
- Hypr tenant URL value
- Hypr access_token value
- Hypr appID value
- PAS must be able to communicate with the Hypr URL
- Hypr app activated for the test user