IdmUserVerifyState
This AuthState is an authenticating AuthState ).
The plug-in IdmUserVerifyState can be used to map an already known user and authenticated user to the related nevisIDM user. The mapping is based either on the user's external ID, his login ID or his e-mail address. If nevisIDM runs in multi-client mode, the client name is required too.
If the mapping is successful, the nevisIDM user object is written into the session. To flatten the object and store specific attributes of the user into the session, use, e.g., IdmGetPropertiesState after IdmUserVerifyState.
Configure this authentication plug-in with the corresponding authentication strength (authLevel="auth.prospect") and make sure that the access-tier denies access to resources that require a stronger authentication level.
| Topic | Description |
|---|---|
| Class | ch.nevis.idm.authstate.IdmUserVerifyState |
| Logging | IdmAuth |
| Auditing | none |
| Marker | NevisIDM:extern |
| Properties | user.loginId (defined in the chapter "Default input properties") The source of the user’s login ID. Either the source of the login or external ID has to be defined. If the nevisIDM config parameter application.feature.emaillogin.enabled has been set to true, the user can also use his unique e-mail address to log in. IdmUserVerifyState transparently detects if the user entered a loginId or an e-mail address. |
| userExtId (string, -) The source of the user’s external ID. Either the source of the login or external ID has to be defined. | |
| client.name (defined in the chapter "Default input properties") The source of the client’s name. Either the source of the client’s name or external ID has to be defined. | |
| clientExtId (string, -) The source of the client’s external ID. Either the source of the client’s name or external ID has to be defined. | |
| presetNoteValues (boolean, true) Legacy property for backward compatibility (default value guarantees backward compatibility). If set to "true", the state will first try to set the user’s login ID on notes:loginID (using the user object from the session, or the inargs:isiwebuserid) and the client’s name on notes:client (using inargs:client or inargs:Client).Note: It is preferable to set presetNoteValues=false and to explicitly define the sources for the user/client information by means of the other state properties. | |
| detaillevel.*: as specified in the chapter Transitions shared among all nevisIDM AuthStates. | |
user.loginType (AUTO / EMAIL / LOGINID, AUTO) This property specifies which information the user has to enter at the login view. EMAIL: The user has to enter the e-mail address, and nevisIDM searches the user by this e-mail address.; LOGINID: The user has to enter his login ID, and nevisIDM searches the user by this login ID.; AUTO (default): The user can use either his login ID or his e-mail address at login, and nevisIDM will detect automatically which of them the user entered. Note, that login with e-mail address will only work if within nevisIDM application.feature.emaillogin.enabled has been set to true. Note that if user.loginType is "AUTO" and the user’s login ID looks like an e-mail address, nevisIDM will perform a "search user by e-mail address". | |
| Methods | authenticate |
| Input | - |
| Transitions | prospect: The user was successfully retrieved from nevisIDM, stored in the session, and the user’s state is "active". |
| failed: User could not be verified. | |
| clientNotFound: User uses an unsupported client ID or the "default" client-ID (see input above) is not available. | |
| Output | none |
| Errors | 1: user verification failed (user not found); 98: account disabled or archived |
| Notes | client: nevisIDM client (tenant) used. |
| loginid: The user’s accepted login ID or the user’s e-mail address respectively, if he used his e-mail to log in (see Input). | |
| userid: The user’s authenticated user ID. |
Example
<AuthState name="UserVerify" class="ch.nevis.idm.authstate.IdmUserVerifyState" final="false">
<ResultCond name="prospect" next="IdmGetPropertiesState"/>
<ResultCond name="failed" next="IdmGetPropertiesState"/>
<Response value="AUTH_ERROR">
<Gui name="AuthFailDialog" />
</Response>
</AuthState>