Legacy Authenticators

PAS contains many legacy authenticators. It is recommended not to use them for new development, and to stop using them in favour of the new authenticator architecture.

Note

The new authenticator architecture was introduced with the release of PAS 5.1. The new authenticators are protocol agnostic: they can be used for, for example, SAML, OIDC and internal authentication, and they support chaining, SSO, etc. For details about this new architecture, please see the authentication introduction.

As part of the release of the new authenticators, the old authenticators have been deprecated, and are now considered legacy authenticators.

Warning

These legacy authenticators are still supported, but the support is limited: new features will not be added, and only important defects and security flaws will be fixed.

Caution

At some point, these legacy authenticators may be removed entirely from the product.

Overview

Note

This manual provides documentation of the different authenticators shipped with PhenixID Server.

Authenticators are used to identify users. In many cases, an authenticator is the external-facing entry point. Most authenticators call out to one or several pipes to perform the actual user identification.

An authenticator operates within a well-defined domain, targeting a specific protocol such as SAML, RADIUS, OpenID Connect, etc.

Currently, not all authenticators are found in this documentation. Contact support regarding questions about configuring authenticators.

Limiting Authenticator access to specific HTTP servers

In the JSON configuration, an authenticator can be restricted so that only certain HTTP servers are allowed to expose it. This is done by setting the property "httpConfigurationIds" directly on the authenticator. The value of the property shall be an array of strings, where each string is the configuration id of an HTTP server.

Configuration example

"AUTHENTICATORS" : [ {
  "alias" : "config",
  "name" : "DefaultInternalAuthenticator",
  "httpConfigurationIds" : [ "47386820-f79c-4c2f-be43-529821d3d2a3" ],
  "configuration" : {
    "successURL" : "/config/",
    "translationKey" : "login.messages.information.body.cm",
    "headingtranslationKey" : "login.messages.information.header.cm",
    "title" : "login.messages.information.title.cm",
    "icon" : "res/images/icons/config-pas-icon.png"
  },
  "id" : "configdefault"
}, {
  "alias" : "23a331dd-a609-4a9d-a9bb-69376be0db7c",
  "name" : "PostUidAndPassword",
  "httpConfigurationIds" : [ "d64c4401-c719-41a4-b656-5f14ccb486a9", "non-existent-id" ],
  "configuration" : {
    "pipeID" : "41691a1b-014a-402a-ade4-fa9a9cc55efe",
    "successURL" : "/selfservice/",
    "translationKey" : "login.messages.information.body.enduser",
    "headingtranslationKey" : "login.messages.information.header.enduser",
    "title" : "login.messages.information.title.enduser",
    "allowLanguageChange" : "true",
    "icon" : "res/images/icons/self-service.png"
  },
  "guide_id" : "guides.selfservice",
  "guide_ref" : "8241ba3b-d67b-453c-b295-56dde033f3c7",
  "created" : "2023-09-27T12:15:35.949Z",
  "id" : "e97e0ecf-ad06-419a-ae07-ae2393bf3f08"
}, {
  "id" : "9b33493a-9c8f-448a-8f48-80da3a2ef7d7",
  "alias" : "test",
  "name" : "PostUidAndPasswordSAML",
  "httpConfigurationIds" : [ "d64c4401-c719-41a4-b656-5f14ccb486a9" ],
  "displayName" : "test",
  "configuration" : {
    "pipeID" : "f9474062-25ff-4989-b467-306b383cd52e",
    "idpID" : "d35098aa-a56e-4a14-8cae-4790c022760e"
  },
  "created" : "2023-09-27T12:15:01.104Z"
} ]
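
The configuration example above includes an entry that references "non-existent-id". The following is an added example, not part of the product or its documentation, that audits an "AUTHENTICATORS" array for authenticators with no "httpConfigurationIds" restriction and for ids that match no known HTTP server. The function name, the constructed sample and the caller-supplied set of known HTTP server ids are assumptions.

```python
import json

# Constructed sample in the shape of the page's configuration example (trimmed).
# The last entry is hypothetical and has no httpConfigurationIds at all.
SAMPLE_CONFIG = json.loads("""
{ "AUTHENTICATORS": [
  { "id": "configdefault", "name": "DefaultInternalAuthenticator",
    "httpConfigurationIds": ["47386820-f79c-4c2f-be43-529821d3d2a3"] },
  { "id": "e97e0ecf-ad06-419a-ae07-ae2393bf3f08", "name": "PostUidAndPassword",
    "httpConfigurationIds": ["d64c4401-c719-41a4-b656-5f14ccb486a9", "non-existent-id"] },
  { "id": "example-unbound", "name": "PostUidAndPassword" }
] }
""")

# Assumption: ids of the HTTP servers that actually exist, collected by the
# operator from the HTTP server configuration (its layout is not shown on the page).
KNOWN_HTTP_IDS = {
    "47386820-f79c-4c2f-be43-529821d3d2a3",
    "d64c4401-c719-41a4-b656-5f14ccb486a9",
}

def audit_http_bindings(config, known_http_ids):
    """Return a list of (authenticator id, finding) tuples."""
    known = set(known_http_ids)
    findings = []
    for auth in config.get("AUTHENTICATORS", []):
        auth_id = auth.get("id", "<missing id>")
        ids = auth.get("httpConfigurationIds")
        if ids is None:
            findings.append((auth_id, "no httpConfigurationIds: no restriction configured"))
        elif not isinstance(ids, list) or not all(isinstance(i, str) for i in ids):
            findings.append((auth_id, "httpConfigurationIds is not an array of strings"))
        elif not ids:
            findings.append((auth_id, "httpConfigurationIds is empty"))
        else:
            # Report every referenced id that matches no known HTTP server.
            for http_id in ids:
                if http_id not in known:
                    findings.append((auth_id, f"unknown HTTP server id: {http_id}"))
    return findings

if __name__ == "__main__":
    for auth_id, finding in audit_http_bindings(SAMPLE_CONFIG, KNOWN_HTTP_IDS):
        print(f"{auth_id}: {finding}")
```
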