Page tree
Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

Version 1 Next »


This feature is experimental. It means that it is not intended for production use. The feature is not finished. It is not stable. The implementation may contain bugs, the configuration may change at any moment without any warning and it may not work at all. Use at your own risk.

MidPoint 4.0 and later

Basic idea of flexible authentication can see on Flexible Authentication.

Basic configuration

Flexible authentication is configured in Security Policy, which is used as global security policy in System Configuratin. Base tag is <authentication>.  Configuration consists of modules and sequences. Module is basic building element. Each element has a configuration of a particular authentication element instance. Each modules specified in the container must have unique name. Sequence is a sequence of authentication modules. The modules is invoked in order. The purpose of the sequence is to guide user through a complete authentication process.

Module configuration

Now is supported only three modules: formLogin, saml2, httpHeader. Each from contains common attributes:


Unique name of the authentication module. This name is fact a short identifier. It is supposed to give some idea about nature of the module to system administrator. But it is not supposed to be used as a user-friendly label for the module. The name is also used in the url, so it should not contain special characters.

descriptionFree form description of the module (administrator comment).falseString

formLogin module

FormLogin module is used for interactive log-in of a user by using HTML forms. 


Pseudo-authentication for pre-authenticated users. Based on HTTP header values. This module contains specific attributes:

usernameHeaderName of HTTP header that contains username.trueString
logoutUrlUrl for redirect after logout. Default is '/'.falseString


SAML2 authentication module support authentication via Identity provider with SAML2. SAML2 module have little bit complicated configuration. This module contains specific attributes:

  • No labels