ExternalFlow
Introduction
The ExternalFlow authenticator redirects the user to an external service, facilitating integration with third-party identity or policy providers. Data is exchanged between the platform and the external service using signed JWTs, transmitted within POST requests. This ensures integrity and authenticity of the exchanged information.
Configuration
Common Authenticator configuration can be found here.
location | Location to the external service | N/A
exec_if | An expression that determines if this authenticator should be executed or not. | N/A
key_store | Keystore used to sign the outgoing JWT | N/A
alias | Alias of the private key in the keystore
certificate | Certificate used to verify the incoming JWT data | N/A
attributes | Object containing data that is sent as payload to the external service. | {}
custom_identifier | Tag used for event separation | N/A
{
    "id": "externalflow01",
    "type": "ExternalFlow",
    "config": {
        "base_path": "/login",
        "location": "https://externalservice.com/",
        "attributes": {
            "attribute_username": "${state.username}",
            "attribute_info": "This is another attribute"
        },
        "key_store": {
            "type": "PKCS12",
            "path": "path/to/my.p12",
            "password": "password",
            "private_key_password": "password"
        },
        "certificate": {
            "path": "path/to/certificate.pem"
        }
    }
}
Logging
WEB_100046("ExternalFlow request sent")
    IDENTIFIER (user trace id)
    CUSTOMER_IDENTIFIER (if configured)
    SOURCE_ADDRESS (IP of the remote session)
    AUTHENTICATOR_ID (id + display_name of authenticator)
WEB_100047("ExternalFlow response received")
    IDENTIFIER (user trace id)
    CUSTOMER_IDENTIFIER (if configured)
    SOURCE_ADDRESS (IP of the remote session)
    AUTHENTICATOR_ID (id + display_name of authenticator)
Data exposed to global state
Upon receiving the response from the external service, the authenticator is marked as completed. The payload contained in the JWT returned by the external service is extracted and propagated into the global state, making it available for subsequent authenticators and flow controllers.
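An added example, not part of the product or its documentation: a Python pre-deployment check for an ExternalFlow authenticator object like the one under Configuration. It flags settings that weaken the signed-JWT exchange and lists which state values the attributes object sends to the external service. The finding rules, the weak-secret list and the sample input are assumptions constructed for this example.

```python
import json
import re
from urllib.parse import urlparse

# Constructed input: the page's example changed to plain http, with no certificate.
SAMPLE = json.loads("""
{"id": "externalflow01", "type": "ExternalFlow", "config": {
  "location": "http://externalservice.example/",
  "attributes": {"attribute_username": "${state.username}",
                 "attribute_info": "This is another attribute"},
  "key_store": {"type": "PKCS12", "path": "path/to/my.p12",
                "password": "password", "private_key_password": "password"}}}
""")

PLACEHOLDER = re.compile(r"\$\{([^}]+)\}")   # ${state.username} style references
WEAK_SECRETS = {"", "password", "changeit"}  # assumption: values treated as weak

def audit_externalflow(auth):
    """Return (findings, exported) for one ExternalFlow authenticator object."""
    if auth.get("type") != "ExternalFlow":
        return ["type: not an ExternalFlow authenticator"], []
    cfg = auth.get("config") or {}
    findings = []
    # A signature alone does not hide the payload, so the POST needs TLS.
    url = urlparse(str(cfg.get("location", "")))
    if url.scheme != "https" or not url.hostname:
        findings.append("location: not an absolute https URL")
    key_store = cfg.get("key_store") or {}
    if not key_store.get("path"):
        findings.append("key_store: no keystore to sign the outgoing JWT")
    for field in ("password", "private_key_password"):
        if field in key_store and str(key_store[field]).lower() in WEAK_SECRETS:
            findings.append(f"key_store.{field}: weak or placeholder secret")
    # The returned payload is copied into global state, so it must be verifiable.
    if not (cfg.get("certificate") or {}).get("path"):
        findings.append("certificate: nothing to verify the incoming JWT against")
    # Every ${...} reference is platform data handed to the third party.
    exported = sorted({ref for value in (cfg.get("attributes") or {}).values()
                       if isinstance(value, str)
                       for ref in PLACEHOLDER.findall(value)})
    return findings, exported

if __name__ == "__main__":
    issues, refs = audit_externalflow(SAMPLE)
    print("\n".join(issues))
    print("state sent to external service:", refs)
```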
