
How to replace the default authenticator for PhenixID web apps

This document is written for PhenixID Server.

The reader should have some basic knowledge about PhenixID Server.

This document describes the steps required to replace the default authenticator for the PhenixID web apps.

Overview

Internal authenticators are used to protect PhenixID Authentication Services (PAS) internal web resources such as Configuration Manager (/config), MFA Admin (/mfaadmin), Self Service (/selfservice) and MyApps (/myapps).

The internal webapps will by default be protected with a Username and Password authenticator (PostUidAndPassword).

Please make sure to have a backup copy of the configuration before changing the authenticator settings, as a misconfiguration might lock you out of the web apps.

Please follow these guidelines in order to replace the default authenticator with one of the other internal authenticators.

Add configuration for the authenticator to use

Information about "PhenixID web apps authentication" can be found here:

Add configuration for the desired authenticator to be used.

Note the alias of the authenticator, as it will be used later, for example, selfservice (see below).

Configure the webapp to use the new authenticator

Log in to the configuration UI, go to the "Advanced" tab and expand "Modules"

Locate the com.phenixidentity~phenix-prism module that contains the webapp that you would like to reconfigure.

Edit the "auth_redirect_url" to map to the alias noted in the previous step, for example:

"auth_redirect_url": "/selfservice/authenticate/selfservice" 

NOTE: By default, this value will contain a UUID once the Scenario has been configured, like this:

"auth_redirect_url": "/selfservice/authenticate/74038ce9-858e-44af-b2de-8ae68f93c487"

Configure the new authenticator to redirect to the webapp

Locate the authenticator previously configured.

Edit the "successURL" to redirect the authenticator back to the webapp, for example:

"successURL": "/selfservice/"
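
Because a mismatch between the two settings can lock you out, it can be useful to check the pairing before saving. The script below is an added example, not part of the PhenixID documentation or product: it checks that every "auth_redirect_url" ends in an alias that exists and that the matching "successURL" leads back to the same webapp. The "webapps" and "authenticators" layout, the "mfaadmin_otp" alias and the function name are constructed for illustration and do not reflect the real PhenixID configuration file format.

```python
import json

# Constructed sample: a simplified stand-in for the two settings discussed
# above, NOT the real PhenixID configuration file layout.
SAMPLE = json.loads("""
{
  "webapps": [
    {"auth_redirect_url": "/selfservice/authenticate/selfservice"},
    {"auth_redirect_url": "/mfaadmin/authenticate/mfaadmin_otp"}
  ],
  "authenticators": [
    {"alias": "selfservice", "successURL": "/selfservice/"},
    {"alias": "mfaadmin", "successURL": "/mfaadmin/"}
  ]
}
""")


def check_redirects(cfg):
    """Return a list of problems that would break the login round trip."""
    by_alias = {a["alias"]: a for a in cfg["authenticators"]}
    problems = []
    for app in cfg["webapps"]:
        url = app["auth_redirect_url"]
        parts = url.strip("/").split("/")
        # Shape taken from the examples on this page: /<webapp>/authenticate/<alias>
        if len(parts) != 3 or parts[1] != "authenticate":
            problems.append(f"{url}: not of the form /<webapp>/authenticate/<alias>")
            continue
        webapp, alias = parts[0], parts[2]
        auth = by_alias.get(alias)
        if auth is None:
            # The webapp would redirect to an authenticator that does not exist.
            problems.append(f"{url}: no authenticator with alias '{alias}'")
            continue
        success = auth.get("successURL", "")
        # After login the user must land back inside the same webapp.
        if not (success.rstrip("/") + "/").startswith(f"/{webapp}/"):
            problems.append(f"{alias}: successURL '{success}' does not return to /{webapp}/")
    return problems


if __name__ == "__main__":
    for problem in check_redirects(SAMPLE):
        print("PROBLEM:", problem)
```

With the constructed sample, the check reports the MFA Admin entry, whose redirect URL names an alias that was never configured.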