
PhenixID web apps authentication – Username and password

This authenticator is used for username-password authentication. User stores can be LDAP or SQL.

Modules required

  • auth-http
  • pipes

Configuration Properties

| Name | Description | Default value | Mandatory |
|---|---|---|---|
| successURL | The URL to redirect the browser to after successful authentication. | | Yes |
| includeQueryString | Enable to append query string (passed to authenticator) to successURL. | false | No |
| loginTemplate | Template to use for user interface. | login.template | No |
| userNameParamName | Name of the username request parameter. | username | No |
| passworParamterName | Name of the password request parameter. | password | No |
| allowLanguageChange | Enable / disable language change. Set ??? to allow language change. | | No |
| translationKey | Set key to use for fetching login page body text. | login.messages.information.body | No |
| headingtranslationKey | Set key to use for fetching login page header text. | login.messages.information.header | No |
| pipeID | Id of pipe used to validate username and password. | | Yes |
| errorURL | The URL to redirect the browser to after unsuccessful authentication. | | No |

Example configuration

LDAP user store is used in this example.

HTTP Authenticators

{
  "name" : "PostUidAndPassword",
  "id" : "unpw",
  "alias" : "unpw",
  "displayName" : "Username Password",
  "configuration" : {
    "errorURL" : "/error/myerrorpage.html",
    "loginTemplate" : "login.template",
    "successURL" : "/otpadmin/",
    "pipeID" : "UserLookupAndAuthWithLDAP"
  }
}

Pipes

{
  "id" : "UserLookupAndAuthWithLDAP",
  "valves" : [ {
    "name" : "LDAPSearchValve",
    "config" : {
      "connection_ref" : "local_ldap",
      "base_dn" : "ou=users,dc=demo,dc=phenixid,dc=se",
      "scope" : "SUB",
      "size_limit" : "0",
      "filter_template" : "(&(objectclass=*)(uid={{request.username}}))",
      "attributes" : "commonName,uid,mail,mobile"
    }
  }, {
    "name" : "LDAPBindValve",
    "config" : {
      "connection_ref" : "local_ldap",
      "password_param_name" : "password"
    }
  }, {
    "name" : "PropertyAddValve",
    "config" : {
      "name" : "roles",
      "value" : "auth:7313aa29-f399-4a5b-afd3-fb1d7a88ae93",
      "enable_multi_value" : "true"
    }
  } ]
}

Read this article to get the correct value for the roles property.

Database Connection

{
  "id" : "local_ldap",
  "type" : "ldap",
  "description" : "Connection to local OpenDJ",
  "config" : {
    "host" : "localhost",
    "port" : "389",
    "bind_dn" : "cn=Directory Manager",
    "password" : "{enc}D5rVvfE+HpfoHagoMv1r1oy91oDYX44eObCS6qCLh9I=",
    "use_ssl" : "false",
    "ssl_trust_all" : "false",
    "follow_referrals" : "false",
    "auto_reconnect" : "true",
    "use_keep_alive" : "true",
    "response_timeout_ms" : "30000",
    "pool_initial_size" : "1",
    "pool_max_size" : "2"
  }
}
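
A pre-deployment consistency check over the three objects above, as an added example that is not part of the PhenixID documentation or product: it verifies the properties marked mandatory in the table, checks that pipeID and every connection_ref resolve, and flags LDAP connections configured without SSL, as in the example connection. The function name, the finding texts, passing the objects as Python dicts, and reading ssl_trust_all as "accept any server certificate" are assumptions made for this example.

```python
MANDATORY = ("successURL", "pipeID")  # marked "Yes" in the properties table


def check_config(authenticator, pipes, connections):
    """Return a list of findings; an empty list means nothing was flagged."""
    findings = []
    conf = authenticator.get("configuration", {})
    for key in MANDATORY:
        if not conf.get(key):
            findings.append(f"authenticator: mandatory property {key} is missing")
    # The authenticator's pipeID must name an existing pipe.
    pipe = next((p for p in pipes if p.get("id") == conf.get("pipeID")), None)
    if pipe is None:
        if conf.get("pipeID"):
            findings.append(f"pipeID {conf['pipeID']} matches no pipe id")
        return findings
    conn_by_id = {c.get("id"): c for c in connections}
    # Each connection is checked once, even if several valves reference it.
    refs = {v.get("config", {}).get("connection_ref") for v in pipe.get("valves", [])}
    for ref in sorted(r for r in refs if r):
        conn = conn_by_id.get(ref)
        if conn is None:
            findings.append(f"connection_ref {ref} matches no connection id")
            continue
        cfg = conn.get("config", {})
        if conn.get("type") == "ldap" and cfg.get("use_ssl") != "true":
            findings.append(f"connection {ref}: use_ssl is not true")
        elif cfg.get("ssl_trust_all") == "true":  # assumed meaning, see lead-in
            findings.append(f"connection {ref}: ssl_trust_all is true")
    return findings


# Constructed input: trimmed copies of the objects shown on this page.
AUTHENTICATOR = {"id": "unpw", "configuration": {
    "successURL": "/otpadmin/", "pipeID": "UserLookupAndAuthWithLDAP"}}
PIPES = [{"id": "UserLookupAndAuthWithLDAP", "valves": [
    {"name": "LDAPSearchValve", "config": {"connection_ref": "local_ldap"}},
    {"name": "LDAPBindValve", "config": {"connection_ref": "local_ldap",
                                         "password_param_name": "password"}},
    {"name": "PropertyAddValve", "config": {"name": "roles"}}]}]
CONNECTIONS = [{"id": "local_ldap", "type": "ldap", "config": {
    "host": "localhost", "port": "389", "use_ssl": "false",
    "ssl_trust_all": "false"}}]

if __name__ == "__main__":
    for finding in check_config(AUTHENTICATOR, PIPES, CONNECTIONS):
        print(finding)
```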