SequenceAuthenticator
Used to execute several authenticators in a sequence, merging together the resulting item (if any) from each step. A typical combination could be:
- DynamicAuthenticator with textEntryParameters "username", or "username" and "password" that uses LdapSearchValve
- AssignmentAgnostic with usernameAttribute "sAMAccountName" to perform OneTouch authentication for the selected user
Any number of authenticators can be used, and AgnosticDispatcher/AgnosticAuthSelectors can be used to delegate the flow within a SequenceAuthenticator. SequenceAuthenticators can also be put inside other SequenceAuthenticators.
If your SequenceAuthenticator is SSO-enabled, you should not Dispatch based on the incoming request context inside the sequence. That should be performed prior to executing the sequence. Dispatching based on e.g. user attributes is fine inside a sequence.
Properties
Example Configuration
This configuration example uses a certificate based authentication in the first step, and then performs OneTouch authentication for the user associated with the certificate in the second step.
{
"id" : "ff37c25t-1111-qq23-uu12-020af1ad10eb",
"alias" : "sequencer",
"name" : "SequenceAuthenticator",
"configuration" : {
"authenticators" : [ "certificate", "assignment" ]
}
}