SequenceAuthenticator
Note
Used to execute several authenticators in a sequence, merging together the resulting item (if any) from each step. A typical combination could be:
- DynamicAuthenticator with inputElements "username", or "username" and "password" that uses LdapSearchValve
- AssignmentAgnostic with usernameAttribute "sAMAccountName" to perform OneTouch authentication for the selected user
Any number of authenticators can be used, and AgnosticDispatcher/AgnosticAuthSelectors can be used to delegate the flow within a SequenceAuthenticator. SequenceAuthenticators can also be put inside other SequenceAuthenticators.
If your SequenceAuthenticator is SSO-enabled, you should not Dispatch based on the incoming request context inside the sequence. That should be performed prior to executing the sequence. Dispatching based on e.g. user attributes is fine inside a sequence.
Also, if you want to provide a descriptive title and icon for your SequenceAuthenticator when used as an option in an AgnosticAuthSelector, you need to add a localizationKey to this configuration and also add a custom localizationKey in your translation files. Read more on how to do that here.
Properties
| Name | Description | Default value | Mandatory |
|---|---|---|---|
| authenticators | Which authenticators should be executed (id or aliases, in list format, where order matters) | N/A | Yes |
Example Configuration
This configuration example uses a certificate based authentication in the first step, and then performs OneTouch authentication for the user associated with the certificate in the second step.
{
"id" : "ff37c25t-1111-qq23-uu12-020af1ad10eb",
"alias" : "sequencer",
"name" : "SequenceAuthenticator",
"configuration" : {
"authenticators" : [ "certificate", "assignment" ]
}
}
Requirements
One or more protocol agnostic authenticators configured.