AuthController

Customisable authentication menu

Introduction

The AuthController authenticator enforces configurable control mechanisms that can be applied at different stages of the authentication flow. It can be positioned either before or after user identification, depending on the defined control logic.

If the configured pipe returns a failure response, the authentication process is immediately terminated and the attempt is marked as failed.

Configuration

Authenticator type: AuthController

Common Authenticator configuration can be found here.

Name

Description

Default

Mandatory

pipe_id

ID of the pipe responsible decision making.

N/A

fail_location

Where to send user agent on failed auth validation.

N/A

failed_redirect

User-Agent redirection based on error response from pipe. See advanced redirection.

N/A

{
    "id": "authz",
    "type": "AuthController",
    "config": {
        "base_path": "${globals.default_login_suffix}",
        "pipe_id": "validate",
        "fail_location": "https://fortifiedid.se",
        "failed_redirect": [
            {
                "pattern": ".*Missing input param 'idg'.*",
                "target": "https://www.idg.se"
            },
            {
                "pattern": ".*Missing input param 'sunet'.*",
                "target": "https://www.sunet.se"
            }
        ]
    }
}

Advanced redirection

Based on the error response returned from the pipe, the user-agent can be redirected using regex patterns. If no pattern matches, the fail_location parameter is used as a fallback.

The fail_location parameter is defined as an array of fail location objects. Upon a fail-response from the pipe, the array is evaluated in order, and the user-agent is redirected to the first matching location.”

Name

Description

Default

Mandatory

failed_redirect.pattern

Regex expression

N/A

failed_redirect.target

If matched, where to send the user agent

N/A

PreviousFlow control NextEnrichIdentity