IdmStrongAuthenticationChoiceState
This AuthState is a processing AuthState.
This plug-in is used as a second step after authenticating the user, e.g., using IdmUserIdPasswordVerifyState. It has two modes:
- The first mode queries the user's account for available strong authentication mechanisms. It generates a list of the available (active) credentials to select from or, if only a single (strong) credential is available, a transition that dispatches directly to the next AuthState.
- The second mode is similar to the first one. However, by means of the state property "transitions", the set of allowed strong authentication mechanisms is not only restricted but also set into a certain order. The user does not have a choice but has to use the first defined transition if available. Otherwise, the second one has to be used, etc.
Topic | Description |
---|---|
Class | ch.nevis.idm.authstate.IdmStrongAuthenticationChoiceState |
Logging | IdmAuth |
Auditing | None |
Marker | NevisIDM:selection |
Properties | transitions (string, comma-separated list of the available transitions): If the property is defined, it limits the available authentications to the defined ones. The order of the comma-separated list is also evaluated: the user has to authenticate with the first defined transition. If the user has no active credential for that transition, the second transition is checked, etc. |
Methods | process (all events) |
Input | credentialType (user or caller, optional): This field allows sending a (pre-)selection of the strong credential type to use. See Transitions below for a list of supported values. |
Transitions | certificate: Transition to the chapter IdmX509State.<br>otp: Transition to the chapter IdmPasswordVerifyState. Note that the user must already be identified, i.e., by IdmUserIdPasswordState.<br>securid: Transition to the nevisAuth reference guide, SecuridAuthenticateState, with access to an RSA SecurId server.<br>safeword: Transition to the nevisAuth reference guide, SecuridAuthenticateState, with access to a Safeword server.<br>ticket: Transition to the chapter IdmPasswordVerifyState with a ticket=true configuration.<br>none: The user does not have a strong credential. |
Output | None |
Errors | None |
Notes | None |
Example
```xml
<AuthState name="IdmStrongAuthenticationChoice" final="false"
           class="ch.nevis.idm.authstate.IdmStrongAuthenticationChoiceState">
    <!-- One ResultCond per transition; "none" is taken when the user has no strong credential. -->
    <ResultCond name="securid" next="IdmSecurIdLogin"/>
    <ResultCond name="safeword" next="IdmSafeWordLogin"/>
    <ResultCond name="otp" next="IdmOTPLogin"/>
    <ResultCond name="ticket" next="IdmTicketLogin"/>
    <ResultCond name="none" next="IdmPostProcessing"/>
    <!-- Selection dialog returned when the user has to choose a credential type. -->
    <Response value="AUTH_CONTINUE">
        <Gui name="IdmAuthMethodSelectionDialog"
             label="login.choose.label">
            <GuiElem name="lasterror" type="error"
                     label="${notes:lasterrorinfo}"
                     value="${notes:lasterror}"/>
        </Gui>
    </Response>
    <propertyRef name="IdmCertificateLogin"/>
</AuthState>
```
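
The following configuration check is an added example, not part of the Nevis documentation or product. It audits one AuthState of this class: it compares the "transitions" property against the supported transition names and the configured ResultCond routes, and it reports where the "none" transition leads, since that route decides what happens to users without a second factor. Assumptions: the property is written as a `<property name="transitions" value="..."/>` element, "none" can result in either mode, and the finding names and the sample configuration are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Transition names from the Transitions row of the table above.
SUPPORTED = ("certificate", "otp", "securid", "safeword", "ticket", "none")

# Constructed sample in ordered mode. Assumption: the state property is written
# with nevisAuth's <property name="..." value="..."/> element.
SAMPLE = """
<AuthState name="IdmStrongAuthenticationChoice" final="false"
    class="ch.nevis.idm.authstate.IdmStrongAuthenticationChoiceState">
  <ResultCond name="securid" next="IdmSecurIdLogin"/>
  <ResultCond name="otp" next="IdmOTPLogin"/>
  <ResultCond name="none" next="IdmPostProcessing"/>
  <property name="transitions" value="certificate, otp,sms"/>
</AuthState>
"""

def audit(xml_text):
    """Return (finding, value) pairs for one AuthState element."""
    state = ET.fromstring(xml_text)
    routes = {rc.get("name"): rc.get("next") for rc in state.findall("ResultCond")}
    prop = state.find("property[@name='transitions']")
    raw = prop.get("value", "") if prop is not None else ""
    ordered = [t.strip() for t in raw.split(",") if t.strip()]
    findings = [("unknown-transition", t) for t in ordered if t not in SUPPORTED]
    # With the property set only the listed mechanisms can be chosen; without
    # it all of them can. Assumption: "none" can result in either mode.
    allowed = [t for t in (ordered or SUPPORTED) if t in SUPPORTED and t != "none"]
    reachable = allowed + ["none"]
    findings += [("unrouted-transition", t) for t in reachable if t not in routes]
    findings += [("unreachable-resultcond", n) for n in routes if n not in reachable]
    # Users without a strong credential follow this route: check that the
    # target state does not complete the login where a second factor is required.
    if "none" in routes:
        findings.append(("review-none-target", routes["none"]))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding)
```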