This feature is experimental. It means that it is not intended for production use. The feature is not finished. It is not stable. The implementation may contain bugs, the configuration may change at any moment without any warning and it may not work at all. Use at your own risk.
MidPoint 4.0 and later
The basic idea of flexible authentication is described on the Flexible Authentication page.
Flexible authentication is configured in the Security Policy that is used as the global security policy in System Configuration. The base tag is <authentication>. The configuration consists of modules and sequences. A module is the basic building element. Each module element contains the configuration of a particular authentication element instance. Each module specified in the container must have a unique name. A sequence is a sequence of authentication modules. The modules are invoked in order. The purpose of the sequence is to guide the user through a complete authentication process.
Currently only three modules are supported: formLogin, saml2 and httpHeader. Each of them contains these common attributes:
Unique name of the authentication module. This name is in fact a short identifier. It is supposed to give the system administrator some idea about the nature of the module, but it is not supposed to be used as a user-friendly label for the module. The name is also used in the URL, so it should not contain special characters.
|description||Free form description of the module (administrator comment).||false||String|
FormLogin module is used for interactive log-in of a user by using HTML forms.
The httpHeader module provides pseudo-authentication for pre-authenticated users, based on HTTP header values. This module contains specific attributes:
|usernameHeader||Name of HTTP header that contains username.||true||String|
|logoutUrl||URL to redirect to after logout. Default is '/'.||false||String|
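As an added example (not part of the midPoint documentation or code base), the following Python script lints an <authentication> fragment against the module rules stated above: supported module types, unique names, names safe to use in a URL, and the required usernameHeader of httpHeader. The <modules> wrapper element, the sample values and the exact set of characters treated as URL-safe are assumptions.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample. The <modules> wrapper is an assumption; module and
# attribute names are the ones documented on this page.
SAMPLE = """<authentication>
  <modules>
    <formLogin><name>internal-form</name></formLogin>
    <httpHeader><name>sso header</name><logoutUrl>/</logoutUrl></httpHeader>
    <saml2><name>internal-form</name></saml2>
  </modules>
</authentication>"""

SUPPORTED = {"formLogin", "saml2", "httpHeader"}
# Assumed reading of "should not contain special characters".
URL_SAFE = re.compile(r"^[A-Za-z0-9_-]+$")


def local(tag):
    # Drop an XML namespace prefix such as "{ns}name".
    return tag.rsplit("}", 1)[-1]


def child_text(elem, name):
    for child in elem:
        if local(child.tag) == name:
            return (child.text or "").strip()
    return None


def lint_authentication(xml_text):
    """Return a list of findings for the module rules described above."""
    root = ET.fromstring(xml_text)
    findings, seen = [], set()
    modules = [m for c in root if local(c.tag) == "modules" for m in c]
    for module in modules:
        kind, name = local(module.tag), child_text(module, "name")
        if kind not in SUPPORTED:
            findings.append(f"{kind}: unsupported module type")
        if not name:
            findings.append(f"{kind}: missing name")
        else:
            if not URL_SAFE.match(name):
                findings.append(f"{kind} '{name}': name is not URL-safe")
            if name in seen:
                findings.append(f"{kind} '{name}': duplicate module name")
            seen.add(name)
        if kind == "httpHeader" and not child_text(module, "usernameHeader"):
            findings.append(f"{kind} '{name}': usernameHeader is required")
    return findings
```

Calling lint_authentication(SAMPLE) reports the space in the httpHeader name, its missing usernameHeader, and the saml2 module reusing the name internal-form.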
The SAML2 authentication module supports authentication via an identity provider using SAML2. The SAML2 module has a somewhat complicated configuration. This module contains specific attributes: