SAMLAnonymousAssignmentAuthenticator
Warning
This authenticator is a legacy authenticator. It is recommended to plan for migrating the authenticator to the new protocol agnostic authenticator architecture. More information about the legacy authenticators can be found here.
Note
Authenticate users with a QR-code or on the same device using PhenixID One Touch.
Properties
Name | Description | Default value | Mandatory |
---|---|---|---|
cancelURL | The URL to redirect the browser to, after authentication has been cancelled. If not specified, the browser restarts the authenticator. | | No |
pipeID | The pipe to be executed after confirming the assignment. Empty for skipping this step. | | No |
idpID | Id of the pipe used to issue the SAML assertion | | Yes |
issuer | The issuer of the One Touch certificate. | | Yes |
login_template_name | Login form template (html). | anonymousassignment.template | No |
assignment_template_name | Assignment template shown in the One Touch App. | ot_anonymous_auth_template.json | No |
poll_intervall | Number of milliseconds to wait between each poll for confirmed assignment. | 1000 | No |
max_polls | Max number of polls for confirmed assignment to perform before timing out. | 60 | No |
autostart | Autostarts the one touch client on the same device. | true | No |
allowLanguageChange | Enable or disable the option to choose language. | | No |
samlAuthMethod | What value is set in the AuthnContextClassRef. | urn:oasis:names:tc:SAML:2.0:ac:classes:TLSClient | No |
title_translation_key | The key of the title displayed on the webpage | login.anonymousassignment.title | No |
scanqr_translation_key | The key of the scan qr text displayed on the webpage | login.anonymousassignment.scanqr | No |
confirm_translation_key | The key of the confirm text displayed on the webpage | login.anonymousassignment.confirm | No |
rejected_translation_key | The key of the rejected text displayed on the webpage | login.anonymousassignment.rejected | No |
timeout_translation_key | The key of the timeout text displayed on the webpage | login.anonymousassignment.timeout | No |
error_translation_key | The key of the error text displayed on the webpage | login.anonymousassignment.error | No |
cancelled_translation_key | The key of the cancelled text displayed on the webpage | login.anonymousassignment.cancelled | No |
open_onetouch_translation_key | The translation key for opening one touch on the same device | login.anonymousassignment.open_onetouch | No |
onetouch_on_other_device_translation_key | The translation key for using One Touch on another device. | login.anonymousassignment.onetouch_on_other_device | No |
cancel_translation_key | The translation key for the cancel button. | common.messages.btn.cancel | No |
ok_translation_key | The translation key for the modal ok button. | btn.messages.okay | No |
sendSAMLResponseOnError | Whether or not a SAMLResponse containing an error response should be sent back to the SP upon an internal authentication error. | false | No |
strictValidation | Whether or not additional validation checks should be made on the SAMLRequest. | false | No |
resolveSAMLRequestProperties | Whether or not request properties from the SAML AuthnRequest should be resolved before proceeding with the authentication. Typically used at the start of an authentication flow. | false | No |
Example Configuration
```json
{
  "alias" : "ot",
  "id" : "myauthenticator",
  "name" : "SAMLAnonymousAssignmentAuthenticator",
  "configuration" : {
    "cancelURL" : "https://www.google.se",
    "pipeID" : "mypipe",
    "idpID" : "myidp",
    "issuer" : "Company ab",
    "allowLanguageChange" : "true",
    "max_polls" : "100",
    "poll_interval" : "2000"
  }
}
```
Requirements
- One Touch backend configured.
- One Touch activated by the authenticating user.
- resolveSAMLRequestProperties set to "true" at either this authenticator or one prior in the flow (e.g. a Dispatch or SAMLDataSave)
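
The following pre-deployment check is an added example, not part of the PhenixID documentation or product: it compares an authenticator configuration against the property table and the requirements listed on this page. The function name `lint_authenticator`, the `resolved_upstream` flag and the suffix rule for translation keys are assumptions made for illustration; the check only reports names that differ from the table and does not say which spelling the product accepts.

```python
import json

# Property names and types taken from the table on this page.
MANDATORY = {"idpID", "issuer"}
BOOLEAN = {"autostart", "allowLanguageChange", "sendSAMLResponseOnError",
           "strictValidation", "resolveSAMLRequestProperties"}
NUMERIC = {"poll_intervall", "max_polls"}
OTHER = {"cancelURL", "pipeID", "login_template_name",
         "assignment_template_name", "samlAuthMethod"}
KNOWN = MANDATORY | BOOLEAN | NUMERIC | OTHER

def lint_authenticator(raw, resolved_upstream=False):
    """Return findings for one authenticator JSON object (hypothetical helper)."""
    cfg = json.loads(raw).get("configuration", {})
    findings = []
    for key in sorted(MANDATORY - set(cfg)):
        findings.append(f"missing mandatory property: {key}")
    for key in sorted(cfg):
        value = str(cfg[key]).lower()
        # Assumption: any *_translation_key name is accepted by its suffix.
        if key not in KNOWN and not key.endswith("_translation_key"):
            findings.append(f"not in property table: {key}")
        elif key in BOOLEAN and value not in ("true", "false"):
            findings.append(f"not a boolean: {key}={value}")
        elif key in NUMERIC and not value.isdigit():
            findings.append(f"not a number: {key}={value}")
    # Requirement from this page: set here or by an earlier authenticator.
    resolve = str(cfg.get("resolveSAMLRequestProperties", "false")).lower()
    if resolve != "true" and not resolved_upstream:
        findings.append('resolveSAMLRequestProperties is not "true" here')
    if str(cfg.get("strictValidation", "false")).lower() != "true":
        findings.append("info: strictValidation is off (default false)")
    return findings

# The Example Configuration from this page, embedded so the check runs offline.
PAGE_EXAMPLE = """
{"alias": "ot", "id": "myauthenticator",
 "name": "SAMLAnonymousAssignmentAuthenticator",
 "configuration": {"cancelURL": "https://www.google.se", "pipeID": "mypipe",
   "idpID": "myidp", "issuer": "Company ab", "allowLanguageChange": "true",
   "max_polls": "100", "poll_interval": "2000"}}
"""

if __name__ == "__main__":
    for finding in lint_authenticator(PAGE_EXAMPLE):
        print(finding)
```

Pass `resolved_upstream=True` when an earlier authenticator in the flow (e.g. a Dispatch or SAMLDataSave) already sets resolveSAMLRequestProperties.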