ExternalFlow

Introduction

The ExternalFlow authenticator redirects the user to an external service, facilitating integration with third-party identity or policy providers. Data is exchanged between the platform and the external service using signed JWTs, transmitted within POST requests. This ensures integrity and authenticity of the exchanged information.

Configuration

Common Authenticator configuration can be found here.

{
    "id": "externalflow01",
    "type": "ExternalFlow",
    "config": {
        "base_path": "/login",
        "location": "https://externalservice.com/",
        "attributes":
        {
            "attribute_username":"${state.username}",
            "attribute_info":"This is another attribute"
        },
        "key_store":
         {
           "type" : "PKCS12",
           "path" : "path/to/my.p12",
           "password" : "password",
           "private_key_password": "password"
         },
         "certificate":
         {
           "path" : "path/to/certificate.pem"
         }
    }
}

Logging

WEB_100046("ExternalFlow request sent")

• IDENTIFIER (user trace id)

• CUSTOMER_IDENTIFIER (if configured)

• SOURCE_ADDRESS (ip of the remote session)

• AUTHENTICATOR_ID (id + display_name of authenticator)

WEB_100047("ExternalFlow response received")

• IDENTIFIER (user trace id)

• CUSTOMER_IDENTIFIER (if configured)

• SOURCE_ADDRESS (ip of the remote session)

• AUTHENTICATOR_ID (id + display_name of authenticator)

Data exposed to global state

Upon receiving the response from the external service, the authenticator is marked as completed. The payload contained in the JWT returned by the external service is extracted and propagated into the global state, making it available for subsequent authenticators and flow controllers.