3.1.0 - Access
The chain authenticator orchestrates one or more authenticators that perform(s) the actual authentication.
The chain is complete when all (required) authenticators in the chain are completed.
A chain authenticator can be nested with s and other chains.
Common Authenticator configuration can be found .
base_path
chain
[]
require_subject
Flag controlling if this authenticator requires a subject to be set before completing. Use only for nested chains.
true
proceed_on_error
Flag controlling how chain behaves on authenticator failure. If enabled, all authenticators in chain will be executed before error is raised (stealth behaviour).
true
require_chain
Flag specifying if this authenticator must be executed inside a chain.
false
verbose
Turns on extended trace logging. Use for troubleshooting only.
false
An authenticator ref points to an actual authenticator available in the current configuration.
id
Authenticator id
required
Flag controlling if authenticator is required to complete or not. Authentication will fail if a required authenticator does not complete.
true
order
If ALL items has order numbers, these number define the execution order. If NO item has order number, the order of the list defines the execution order.
When a chain is executed, the user agent is redirected to each chained authenticator in the specified (configured) order. The path to the authenticator is constructed by combining base_path with the chain authenticator's ID (specified as id in authenticator_ref).
Note that base_path is also used to generate the path for the current authenticator. This is intentional, as all authenticators in a flow must share the same path and session, both of which are managed by the path.
API not available.
The base path for this authenticator and used to construct paths for chained authenticators. (see )
List of defining the content and order of the chain. An empty chain will block the authentication and therefor at least one ref must be present.