ExternalFlow

Introduction

The ExternalFlow authenticator redirects the user to an external service, facilitating integration with third-party identity or policy providers. Data is exchanged between the platform and the external service using signed JWTs, transmitted within POST requests. This ensures integrity and authenticity of the exchanged information.

Configuration

Authenticator type: ExternalFlow

Common Authenticator configuration can be found here.

| Name | Description | Default | Mandatory |
| --- | --- | --- | --- |
| location | Location to the external service | N/A | |
| exec_if | An expression that determines if this authenticator should be executed or not. | null | |
| key_store | Keystore used to sign the outgoing JWT | N/A | |
| certificate | Certificate used to verify the incoming JWT data | N/A | |
| attributes | Object containing data that is sent as payload to the external service. | {} | |

Data exposed to global state

Upon receiving the response from the external service, the authenticator is marked as completed. The payload contained in the JWT returned by the external service is extracted and propagated into the global state, making it available for subsequent authenticators and flow controllers.
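The following is an added example, not the product's own code: it shows the verification a receiver should complete on an incoming signed JWT before any of its payload is merged into shared state. The page does not name the signature algorithm, so RS256 is an assumption, as are the constructed toy key and the hypothetical names `sign`, `verify` and `merge_into_state`; only the Python standard library is used so it runs offline.

```python
import base64, hashlib, json

# Constructed toy RSA key (two Mersenne primes) so the demo runs offline; not a real key.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8  # modulus length in bytes
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

def b64u(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64u_dec(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def emsa(msg):
    # EMSA-PKCS1-v1_5 encoding of SHA-256(msg), padded to the modulus length
    t = SHA256_PREFIX + hashlib.sha256(msg).digest()
    return b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t

def sign(payload, alg="RS256"):
    # Stand-in for the sending side (the role key_store plays for the outgoing JWT)
    head = b64u(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    body = b64u(json.dumps(payload).encode())
    sig = pow(int.from_bytes(emsa(f"{head}.{body}".encode()), "big"), D, N)
    return f"{head}.{body}.{b64u(sig.to_bytes(K, 'big'))}"

def verify(token):
    # Receiving side: return the payload only if the signature is valid, else None
    try:
        head, body, sig = token.split(".")
        if json.loads(b64u_dec(head)).get("alg") != "RS256":
            return None  # pin the algorithm; never trust the header's choice
        raw = b64u_dec(sig)
        s = int.from_bytes(raw, "big")
        if len(raw) != K or s >= N:
            return None  # malformed or out-of-range signature
        if pow(s, E, N).to_bytes(K, "big") != emsa(f"{head}.{body}".encode()):
            return None  # signature does not cover this header and payload
        claims = json.loads(b64u_dec(body))
        return claims if isinstance(claims, dict) else None
    except (ValueError, AttributeError):
        return None

def merge_into_state(state, token):
    # Propagate the payload into flow state only after verification succeeds
    payload = verify(token)
    if payload is None:
        raise ValueError("rejected: JWT failed verification")
    return {**state, **payload}
```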