IdmURLTicketVerifyState
This AuthState is an authenticating AuthState.
This plug-in provides URL ticket authentication. The URL ticket is part of a personalized link. This state gets the URLTicket parameter from the link and passes it to nevisIDM.
| Topic | Description |
|---|---|
| Class | ch.nevis.idm.authstate.IdmURLTicketVerifyState |
| Logging | IdmAuth |
| Auditing | none |
| Marker | NevisIDM:one-time-password |
| Properties | client.name (string, "${inargs:client}") In a multi-client (tenant) setup, a user with a certificate registered in multiple clients needs to select the client to select the correct account. AuthState Fallbacks: |
| | user.ticket (string, ${inargs:x}) The source of the URLTicket parameter. It is optional. If it is not set, the auth state will get the URLTicket parameter from the "${inargs:x}" parameter. |
| | user.loginid (string, ${inargs:x}) loginId parameter source. It is optional. If it is not set, it will be parsed from the URLTicket parameter. |
| Methods | authenticate |
| Input | The request parameter that contains the URLTicket parameter. It depends on the value of the user.ticket property. If user.ticket=${inargs:myURLTicketSource}, the request parameter that contains the URL ticket will be "myURLTicketSource". Example URL: https://<host_url>?**myURLTicketSource**=Npw6Cm78WupusGwelmLx0LeujLwWh1RfOmJIlSRo6P6h5maGfKlR5‑rK7i_nR7_QqaLI8SgNyqmCKdmjnFylBA If the user.ticket property is not set, the "x" input parameter will be used as default. Example URL: https://<host_url>?**x**=Npw6Cm78WupusGwelmLx0LeujLwWh1RfOmJIlSRo6P6h5maGfKlR5‑rK7i_nR7_QqaLI8SgNyqmCKdmjnFylBA The request parameter has to be the same as configured in the urlPrefix parameter when the URL ticket was created. The urlPrefix parameter can be set in the URLTicket policy configuration (see the chapter "URL ticket") or in the IdmCreateCredentialState AuthState (see the chapter "IdmCreateCredentialState"). |
| Transitions | ok: Authentication was successful. The user has a valid URL ticket credential and the URL ticket matches this credential. |
| | failed: Authentication failed. The following use cases can lead to failed authentication: |
| | tmpLocked: The URL ticket credential is temporarily locked. Error code and detail: 8 - "credential is temporarily locked" |
| | lockWarn: Last try to login, next failure will lock the URL ticket credential. Error code and detail: 3 - "will lock on next failure" |
| | nowLocked: The last try failed, the URL ticket credential was locked in this step. Error code and detail: 8 - "just locked" |
| | locked: The URL ticket credential in nevisIDM is locked or expired. |
| Output | none |
| Errors | |
| Notes | userid |
Example
```xml
<AuthState name="VerifyURLTicket" final="false"
           class="ch.nevis.idm.authstate.IdmURLTicketVerifyState">
    <ResultCond name="ok" next="URLTicketSuccess"
                authLevel="auth.weak"/>
    <ResultCond name="tmpLocked" next="URLTicketTmpLocked"/>
    <ResultCond name="lockWarn" next="URLTicketLoginLockWarn"/>
    <ResultCond name="nowLocked" next="URLTicketNowLocked"/>
    <ResultCond name="locked" next="URLTicketLocked"/>
    <ResultCond name="failed" next="URLTicketFailed"/>
    <Response value="AUTH_CONTINUE">
        <Gui name="NoGui"/>
    </Response>
    <propertyRef name="IdmCertificateLogin"/>
</AuthState>
```
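
The following Python lint is an added example, not part of the nevisIDM documentation. It checks that an AuthState definition has a ResultCond for every transition in the table above and that a personalized link carries the request parameter named by user.ticket (default "x"). The sample configuration, host name and ticket value are constructed, and properties pulled in through propertyRef are not resolved.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, urlsplit

# Transitions listed in the table above.
TRANSITIONS = {"ok", "failed", "tmpLocked", "lockWarn", "nowLocked", "locked"}
INARGS = re.compile(r"^\$\{inargs:([^}]+)\}$")

# Constructed sample: user.ticket set inline, three transitions left out.
SAMPLE_STATE = """
<AuthState name="VerifyURLTicket" final="false"
           class="ch.nevis.idm.authstate.IdmURLTicketVerifyState">
  <ResultCond name="ok" next="URLTicketSuccess" authLevel="auth.weak"/>
  <ResultCond name="locked" next="URLTicketLocked"/>
  <ResultCond name="failed" next="URLTicketFailed"/>
  <property name="user.ticket" value="${inargs:myURLTicketSource}"/>
</AuthState>
"""
# Constructed link that still uses the default parameter name "x".
SAMPLE_LINK = "https://idm.example.test/?x=CONSTRUCTED_TICKET_VALUE"


def ticket_param(state):
    """Request parameter the state reads; "x" when user.ticket is not set."""
    for prop in state.findall("property"):
        if prop.get("name") == "user.ticket":
            match = INARGS.match(prop.get("value", "").strip())
            return match.group(1) if match else None  # None: not from inargs
    return "x"


def lint(state_xml, link):
    """Return findings for one AuthState definition and one personalized link."""
    state = ET.fromstring(state_xml)
    handled = {rc.get("name") for rc in state.findall("ResultCond")}
    findings = [f"no ResultCond for transition '{name}'"
                for name in sorted(TRANSITIONS - handled)]
    param = ticket_param(state)
    query = parse_qs(urlsplit(link).query)  # drops parameters with empty values
    if param is None:
        findings.append("user.ticket is not read from inargs; link not checked")
    elif not query.get(param):
        findings.append(f"link has no '{param}' value; parameters: {sorted(query)}")
    return findings


if __name__ == "__main__":
    for finding in lint(SAMPLE_STATE, SAMPLE_LINK):
        print(finding)
```

Run against the constructed sample, it reports the three transitions without a ResultCond and the mismatch between the link's "x" parameter and the configured "myURLTicketSource".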