...

Authentication channel

The following channels are known:

Request servlet suffix    Channel
/ws/rest                  http://midpoint.evolveum.com/xml/ns/public/model/channels-3#rest
/actuator                 http://midpoint.evolveum.com/xml/ns/public/model/channels-3#actuator
/resetPassword            http://midpoint.evolveum.com/xml/ns/public/gui/channels-3#resetPassword
/registration             http://midpoint.evolveum.com/xml/ns/public/gui/channels-3#selfRegistration

The default channel is http://midpoint.evolveum.com/xml/ns/public/model/channels-3#user. This channel represents the GUI, but it has no defined suffix.

...

  • Configuration schema for flexible authentication is designed to be mostly complete. However, not all configuration options are currently supported.
  • Flexible authentication is currently supported only for the midPoint administration GUI. Only internal password authentication and SAML2 are officially supported. The rest of the functionality is considered to be experimental.
  • OpenID Connect protocol is not supported yet.
  • Social login functionality is not supported yet.
  • It is unlikely that midPoint could be used as a member of identity federation directly. Identity proxy or a similar technology may be needed.
  • Authentication configuration is global. Only the global security policy can be used to configure the authentication (i.e. the security policy referenced directly from the system configuration object). Per-organization security policies or any other security policies cannot be used.
  • Support for authentication module necessity is limited. We support only SUFFICIENT modules in 4.1.
  • Authentication modules for REST and SOAP web services are not supported in midPoint 4.1, because SOAP is deprecated and it will be removed soon.
  • REST service supports HTTP basic authentication only. Distributed authentication protocols (OpenID Connect, SAML) are not supported yet.
  • Even though the authentication configuration often suggests that there may be more than one instance of credentials (password, nonce), midPoint currently supports only a single password, a single nonce and a single set of security questions. Multiple credentials are not supported. The reason for mentioning credential names in the configuration schema is to allow midPoint functionality to be extended in the future.

...