SAMLUidPasswordOneTouch
Warning
This is a legacy authenticator. Plan to migrate it to the new protocol-agnostic authenticator architecture. More information about the legacy authenticators can be found here.
Note
Used when acting as an IdP with PhenixID OneTouch as the authentication method. Authentication is done through UID, password and OneTouch.
Properties
Name | Description | Default value | Mandatory |
---|---|---|---|
idpID | The internal identifier of the IdP used | N/A | Yes |
pipeID | Id of the pipe used to issue the SAML assertion | N/A | Yes |
samlAuthMethod | What value is set in the AuthnContextClassRef | urn:oasis:names:tc:SAML:2.0:ac:classes:TLSClient | No |
loginTemplate | UI template used for rendering the end-user UI | ot_login.template | No |
userNameParamName | Parameter where the username resides in the incoming request | username | Yes |
passworParamterName | Parameter where password resides in the incoming request | password | Yes |
notify | Whether the user should be notified using push. Push must be enabled if this is set to true. | true | No |
servicename | The name of the service presented in the OneTouch assignment | PhenixID | No |
ot_push_message | Message shown on the client when using push | login.assignment.client.message.ot_push_message | No |
quick_mode_enabled | Enables quick mode for this authenticator | false | No |
quick_mode_category | Specify the category for the quick mode buttons. These categories can be used: category_yes_no, category_ok_cancel or category_confirm_reject. | category_ok_cancel | No |
sendSAMLResponseOnError | Whether or not a SAMLResponse containing an error response should be sent back to the SP upon an internal authentication error. | false | No |
strictValidation | Whether or not additional validation checks should be made on the SAMLRequest. | false | No |
resolveSAMLRequestProperties | Whether or not request properties from the SAML AuthnRequest should be resolved before proceeding with the authentication. Typically used at the start of an authentication flow. | false | No |
Example Configuration
{
  "alias": "uidot",
  "name": "SAMLUidOneTouch",
  "configuration": {
    "idpID": "idp",
    "pipeID": "tokenPipe",
    "servicename": "Acme"
  }
}
Requirements
The user must have OneTouch activated. "resolveSAMLRequestProperties" must be set to "true" on either this authenticator or one earlier in the flow (e.g. a Dispatch or SAMLDataSave).
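
The following check is an added example, not part of the PhenixID documentation or product: a small Python linter that tests an authenticator configuration against the properties table and the requirement above. It assumes the flow is given as a list of authenticator objects in execution order and that values are JSON strings as in the example configuration; the `lint` and `is_true` names and the "dispatch" step are hypothetical.

```python
import json

REQUIRED = ("idpID", "pipeID")  # mandatory in the table, no default value
QUICK_CATEGORIES = {"category_yes_no", "category_ok_cancel", "category_confirm_reject"}

def is_true(cfg, key):
    # The page writes values as JSON strings ("true"); the table default is false.
    return str(cfg.get(key, "false")).strip().lower() == "true"

def lint(flow, alias):
    """Findings for authenticator `alias`; `flow` is a list in execution order (assumption)."""
    idx = next((i for i, a in enumerate(flow) if a.get("alias") == alias), None)
    if idx is None:
        return [f"authenticator {alias!r} not found in flow"]
    cfg = flow[idx].get("configuration", {})
    findings = [f"missing mandatory property {k}" for k in REQUIRED if not cfg.get(k)]
    # Requirement: resolveSAMLRequestProperties is "true" here or on an earlier step.
    steps = (a.get("configuration", {}) for a in flow[: idx + 1])
    if not any(is_true(c, "resolveSAMLRequestProperties") for c in steps):
        findings.append("resolveSAMLRequestProperties not true here or earlier in the flow")
    if not is_true(cfg, "strictValidation"):
        findings.append("strictValidation is false: no additional SAMLRequest checks")
    if is_true(cfg, "quick_mode_enabled"):
        cat = cfg.get("quick_mode_category", "category_ok_cancel")
        if cat not in QUICK_CATEGORIES:
            findings.append(f"unknown quick_mode_category {cat!r}")
    return findings

# The page's example configuration, used on its own as a one-step flow.
PAGE_EXAMPLE = json.loads("""
{"alias": "uidot", "name": "SAMLUidOneTouch",
 "configuration": {"idpID": "idp", "pipeID": "tokenPipe", "servicename": "Acme"}}
""")

# Constructed flow: an earlier step resolves the request properties and the
# OneTouch step turns on strictValidation.
CONSTRUCTED_FLOW = [
    {"alias": "dispatch", "name": "Dispatch",
     "configuration": {"resolveSAMLRequestProperties": "true"}},
    {"alias": "uidot", "name": "SAMLUidOneTouch",
     "configuration": {"idpID": "idp", "pipeID": "tokenPipe", "servicename": "Acme",
                       "strictValidation": "true"}},
]

if __name__ == "__main__":
    for label, flow in (("page example", [PAGE_EXAMPLE]), ("constructed flow", CONSTRUCTED_FLOW)):
        print(label, "->", lint(flow, "uidot") or "no findings")
```

Run on its own, the page's example configuration yields two findings because it relies on an earlier authenticator to resolve the SAML request properties and leaves strictValidation at its default.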