Used to execute several authenticators in a sequence, merging together the resulting item (if any) from each step. A typical combination could be: 

  1. DynamicAuthenticator with textEntryParameters "username", or "username" and "password" that uses LdapSearchValve
  2. AssignmentAgnostic with usernameAttribute "sAMAccountName" to perform OneTouch authentication for the selected user

Any number of authenticators can be used, and AgnosticDispatcher/AgnosticAuthSelectors can be used to delegate the flow within a SequenceAuthenticator. SequenceAuthenticators can also be put inside other SequenceAuthenticators. 

If your SequenceAuthenticator is SSO-enabled, you should not Dispatch based on the incoming request context inside the sequence. That should be performed prior to executing the sequence. Dispatching based on e.g. user attributes is fine inside a sequence.


Name Description Default value Mandatory
authenticators Which authenticators should be executed (id or aliases, in list format, where order matters) N/A Yes

Example Configuration

This configuration example uses a certificate based authentication in the first step, and then performs OneTouch authentication for the user associated with the certificate in the second step. 

  "id" : "ff37c25t-1111-qq23-uu12-020af1ad10eb",
  "alias" : "sequencer",
  "name" : "SequenceAuthenticator",
  "configuration" : {
    "authenticators" : [ "certificate", "assignment" ]