Registration Authenticator

The authenticator type "Registration” is a fully dynamic authenticator but without the purpose to authenticate users.

This authenticator is to be used when there is a need for an end user UI but where the default authenticators not are suitable. The purpose of the flow that is designed and built with the Registration authenticator does not necessarily have to end up with an authenticated user session. In fact, the most common use case for the Registration authenticator is a form based UI where the end user submit information to the server, which will act upon the data posted to the server.

The flow may consist of multiple steps (stages). The flow will not proceed to the next stage until the current stage is successfully completed. A stage is considered successfully completed once the pipe associated with the stage is completed without an error. 

Templating

Values that are surrounded by double curly brackets {{value}} will be treated as something that must pass the ”templating filter”.

Stages

Each stage may consist of the following configurable parameters.

Parameter
Comment
Mandatory
pipeid
The pipe that will be executed when clicking proceed
Yes
template
The UI template that will be used for this stage
Yes
sessionValues
Values from the session that should be available for the template in this stage
No
templateVariables
Variables defined in this stage
No
translation
Translations that should be available for the template in this stage
No
errorTranslation
Custom error messages that should be mapped and the mapped value
No

Translation

Translation will be handled by using ”template translation strings”. Values that are surrounded by double curly brackets {{value}}.

Translations defined in the stage are the only translations that will be translated in that stage. 

Example of different kind of translations where the first one corresponds to {{common.messages.human}} and the second one to {{header}} in the template file and ppsspasot.setpwd.header in the translation file.

<p>"translation": [
					"common.messages.human",
					{
						"key": "header",
						"mapKeyTo": "ppsspasot.setpwd.header"
					}
                ]</p>
Click to copy

Session Values

Session values are data which previously have been added to the session, such as a previous stage.

Session values are surrounded by double curly brackets {{value}}.

Session values defined in the stage are the only ones that will be fetched from the session. 

Example with username:

<p>"sessionValues": [
					"username"
				]</p>
Click to copy

Template Variables

Template variables are variables which are defined in the stage.

Example of different kind of template variables

<p>"templateVariables": {
				"cancel_href": "/netid_reg/authenticate/logout/netid_reg/?nextTarget=/netid_reg/authenticate/netid_reg",
				"methods": [
					{
						"title": "netid.messages.buttons.nias_od",
						"data-toggle-action": "OD"
					}
				]
			}</p>
Click to copy

Error Handling

Errors from the flow can be mapped into any custom error message.
The mapped value may also be translated from the translation files.

Example where the generated error from the pipe will contain the key Empty. This will be mapped to the content of "value".

<p>"errorTranslation": [
						{
							"key": "Empty",
							"value": "No user found with this mail address!"
						}
					]</p>
Click to copy

Example Configuration

About

This example is a flow where the end user can update his mobile number in the LDAP directory.

The matching of users is based on the mail attribute.

Authenticator

<p>{
		"alias": "demo",
		"name": "Registration",
		"configuration": {
			"stages": [
				{
					"pipeid": "pipe-stage1",
					"template": "template-stage1",
					"sessionValues": [
						"stage"
					],
					"templateVariables": {
						"stage": "First Stage"
					},
					"translation": [
						"reg.mail",
						"reg.heading",
						"reg.next",
						"reg.cancel"
					],
					"errorTranslation": [
						{
							"key": "Empty",
							"value": "No user found with this mail address!"
						}
					]
				},
				{
					"pipeid": "pipe-stage2",
					"template": "template-stage2",
					"sessionValues": [
						"mail",
						"sn",
						"givenName",
						"mobile"
					],
					"templateVariables": {
						"stage": "Second Stage"
					},
					"translation": [
						"reg.mail",
						"reg.sn",
						"reg.givenName",
						"reg.mobile",
						"reg.heading2",
						"reg.next",
						"reg.cancel"
					]
				},
				{
					"pipeid": "pipe-stage3",
					"template": "template-stage3",
					"sessionValues": [
						"mobile"
					],
					"templateVariables": {
						"stage": "Third Stage"
					},
					"translation": [
						"reg.bodyComplete"
					]
				}
			]
		},
		"id": "registration"
	}</p>
Click to copy

Pipes

<p>{
		"id": "pipe-stage1",
		"valves": [
				{
				"name": "SessionLoadValve",
				"config": {
					"id": "{{request.session_id}}"
				}
			},
			{
				"name": "LDAPSearchValve",
				"config": {
					"connection_ref": "e83d260d-c576-41af-80c2-8130c61a3d6a",
					"base_dn": "OU=Training,DC=company,DC=local",
					"scope": "SUB",
					"size_limit": "0",
					"filter_template": "mail={{request.mail}}",
					"attributes": "mail,givenName,sn,mobile"
				}
			},
			{
				"name": "FlowFailValve",
				"config": {
					"message": "Empty",
					"exec_if_expr": "flow.items().isEmpty()"
				}
			},
			{
				"name": "SessionPropertyAddValve",
				"config": {
					"name": "givenName",
					"value": "{{item.givenName}}"
				}
			},
			{
				"name": "SessionPropertyAddValve",
				"config": {
					"name": "sn",
					"value": "{{item.sn}}"
				}
			},
			{
				"name": "SessionPropertyAddValve",
				"config": {
					"name": "mobile",
					"value": "{{item.mobile}}"
				}
			},
			{
				"name": "SessionPropertyAddValve",
				"config": {
					"name": "mail",
					"value": "{{item.mail}}"
				}
			},
			{
				"name": "SessionPersistValve",
				"config": {}
			}
		]
	},{
		"id": "pipe-stage2",
		"valves": [
			{
				"name": "SessionLoadValve",
				"config": {
					"id": "{{request.session_id}}"
				}
			},
			{
				"name": "LDAPSearchValve",
				"config": {
					"connection_ref": "e83d260d-c576-41af-80c2-8130c61a3d6a",
					"base_dn": "OU=Training,DC=company,DC=local",
					"scope": "SUB",
					"size_limit": "0",
					"filter_template": "mail={{session.mail}}",
					"attributes": ""
				}
			},
			{
				"name": "PropertyAddValve",
				"config": {
					"name": "mobile",
					"value": "{{request.mobile}}"
				}
			},
			{
				"name": "SessionPropertyReplaceValve",
				"config": {
					"name": "mobile",
					"value": "{{request.mobile}}"
				}
			},
			{
				"name": "LDAPModifyValve",
				"config": {
					"connection_ref": "e83d260d-c576-41af-80c2-8130c61a3d6a",
					"modification_type": "REPLACE",
					"attributes": "mobile"
				}
			},
			{
				"name": "SessionPersistValve",
				"config": {}
			}
		]
	},	{
		"id": "pipe-stage3",
		"valves": [
			{
				"name": "DumpRequestValve",
				"config": {}
			}
		]
	}
</p>
Click to copy

Testing

1: Configure the example
2: go to /test/authentication/demo