...

| Request servlet suffix | Channel | Note |
|---|---|---|
| | http://midpoint.evolveum.com/xml/ns/public/modelcommon/channels-3#user | Default one, represents GUI. No suffix specified. |
| /ws, /rest, /api | http://midpoint.evolveum.com/xml/ns/public/modelcommon/channels-3#rest | |
| /actuator | http://midpoint.evolveum.com/xml/ns/public/modelcommon/channels-3#actuator | |
| /resetPassword | http://midpoint.evolveum.com/xml/ns/public/guicommon/channels-3#resetPassword | |
| /registration | http://midpoint.evolveum.com/xml/ns/public/guicommon/channels-3#selfRegistration | |

...

| Name | Description | Required | Type |
|---|---|---|---|
| name | Unique name of the authentication sequence. This name is in fact a short identifier. It is supposed to give the system administrator some idea of the purpose of the sequence, but it is not supposed to be used as a user-friendly label. Sequence name must be unique. | true | String |
| description | Free-form description of the sequence (administrator comment). | false | String |
| channel | Specification of the channel for the authentication sequence. | false | AuthenticationSequenceChannelType |
| requireAssignmentTarget | Required assignment target. This authentication sequence is applicable only to users that have an active assignment with this target (and relation). If the sequence is attempted on a user that does not have this assignment, the authentication will fail. | false | ObjectReferenceType |
| nodeGroup | Required node group. This authentication sequence is applicable only to node groups that have an active assignment with this archetype. | false | ObjectReferenceType |
| module | Specification of an authentication module in the sequence. | true | AuthenticationSequenceModuleType |

...

Example of default sequence

```xml
<sequence>
    <name>admin-gui-default</name>
    <description>
        Default GUI authentication sequence.
        We want to try company SSO, federation and internal. In that order.
        Just one of them needs to be successful to let the user in.
    </description>
    <channel>
        <channelId>http://midpoint.evolveum.com/xml/ns/public/modelcommon/channels-3#user</channelId>
        <default>true</default>
    </channel>
    <nodeGroup oid="05b6933a-b7fc-4543-b8fa-fd8b278ff9ee" relation="org:default" type="c:ArchetypeType"/>
    <module>
        <name>mySamlSso</name>
        <order>30</order>
        <necessity>sufficient</necessity>
    </module>
    <module>
        <name>internalLoginForm</name>
        <order>20</order>
        <necessity>sufficient</necessity>
    </module>
</sequence>
```

...

Example of sequence for administrator login

```xml
<sequence>
    <name>admin-gui-emergency</name>
    <description>
        Special GUI authentication sequence that uses just the internal user password.
        It is used only in an emergency. It allows skipping SAML authentication cycles, e.g. in case
        the SAML authentication is redirecting the browser incorrectly.
    </description>
    <channel>
        <channelId>http://midpoint.evolveum.com/xml/ns/public/modelcommon/channels-3#user</channelId>
        <default>false</default>
        <urlSuffix>emergency</urlSuffix>
    </channel>
    <requireAssignmentTarget oid="00000000-0000-0000-0000-000000000004" relation="org:default" type="c:RoleType">
        <!-- Superuser -->
    </requireAssignmentTarget>
    <module>
        <name>internalLoginForm</name>
        <order>1</order>
        <necessity>sufficient</necessity>
    </module>
</sequence>
```
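
A lint for the rules in the field table (required `name` and `module`, unique sequence names), as an added example that is not part of the midPoint documentation or code base. The `<sequences>` wrapper and the sample input are constructed, and the `urlSuffix` check is a local policy assumption modelled on the emergency example above, not a midPoint rule.

```python
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed input: the page's two sequences trimmed to the checked fields, plus two
# deliberately broken ones. The <sequences> wrapper element is hypothetical.
SAMPLE = """<sequences>
  <sequence><name>admin-gui-default</name>
    <module><name>mySamlSso</name></module></sequence>
  <sequence><name>admin-gui-emergency</name>
    <channel><default>false</default><urlSuffix>emergency</urlSuffix></channel>
    <requireAssignmentTarget oid="00000000-0000-0000-0000-000000000004"/>
    <module><name>internalLoginForm</name></module></sequence>
  <sequence><name>admin-gui-emergency</name>
    <channel><urlSuffix>emergency2</urlSuffix></channel>
    <module><name>internalLoginForm</name></module></sequence>
  <sequence><name>no-modules</name></sequence>
</sequences>"""

def local(tag):  # drop a namespace prefix such as {http://...}sequence
    return tag.rsplit("}", 1)[-1]
def find(el, name):  # direct children of el with this local name
    return [c for c in el if local(c.tag) == name]

def text(el, name):
    hits = find(el, name)
    return (hits[0].text or "").strip() if hits else ""

def lint_sequences(xml_text):
    """Return (sequence name, finding) pairs for one policy fragment."""
    seqs = [e for e in ET.fromstring(xml_text).iter() if local(e.tag) == "sequence"]
    seen = Counter(text(s, "name") for s in seqs)
    findings = []
    for s in seqs:
        name = text(s, "name") or "<unnamed>"
        if name == "<unnamed>":
            findings.append((name, "missing required name"))
        elif seen[name] > 1:
            findings.append((name, "name is not unique"))
        if not find(s, "module"):
            findings.append((name, "missing required module"))
        # Local policy assumption, not a midPoint rule: a sequence reachable through
        # its own urlSuffix should be limited with requireAssignmentTarget.
        channel = find(s, "channel")
        if channel and text(channel[0], "urlSuffix") and not find(s, "requireAssignmentTarget"):
            findings.append((name, "urlSuffix without requireAssignmentTarget"))
    return findings

if __name__ == "__main__":
    print(*lint_sequences(SAMPLE), sep="\n")
```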

...