We know next channels:
|Request servlet suffix||Channel|
Default channel isThis channel represent GUI, but not have define suffix.
- Configuration schema for flexible authentication is designed to be mostly complete. However, not all configuration options are currently supported.
- Flexible authentication is currently supported only for midPoint administration GUI. Only internal password authentication and SAML2 is officially supported. The rest of the functionality is considered to be experimental.
- OpenID Connect protocol is not supported yet.
- Social login functionality is not supported yet.
- It is unlikely that midPoint could be used as a member of identity federation directly. Identity proxy or a similar technology may be needed.
- Authentication configuration is global. Only global security policy can be used to configure the authentication (i.e. security policy referenced directly from system configuration object). Per-organization security policies or any other security policies cannot be used.
- Support for authentication module necessity is limited. We support only SUFFICIENT modules in 4.1.
- Authentication modules for REST and SOAP web services are not supported in midPoint 4.1.because SOAP is deprecated and it will be removed soon.
- REST service supports HTTP basic authentication only. Distributed authetntication protocols (OpenID Connect, SAML) are not supported yet.
- Even though the authentication configuration often suggests that there may be more than one instances of credentials (password, nonce), midPoint currently supports only a single password, single nonce and a single set of security questions. Multiple credentials are not supported. The reason for mentioning credential names the configuration schema is to have ability to extend midPoint functionality in the future.