LogoLogo
HomeIntegrityControlSolutionsManagement Center
3.1.0 - Access
3.1.0 - Access
  • Introduction
  • The Service
    • Overview
    • About this release
      • Release notes
      • Breaking changes
    • Architecture
      • Modules
      • Folder structure
      • Startup
    • Getting started
    • Installation
      • Container
      • Linux
      • Windows
    • Operations
      • Configuration
      • Metrics
      • Health check
      • Logging
        • System logging
        • Event logging
      • SBOM & license material
  • Modules
    • External modules
    • Internal modules
      • SAMLModule
      • OIDC
        • OpenID Configuration endpoint
        • JWKS endpoint
        • Authorization endpoint
        • Token endpoint
          • Authorization code
          • Refresh token
        • User info endpoint
        • Introspection endpoint
        • End session endpoint
  • Configuration reference
    • Introduction
    • Terms and abbreviations
    • Property expansion
    • File inclusion
    • Secrets management
    • Examples
  • Authenticators
    • Introduction
    • Common configuration
    • Web Authenticator API
    • Flow control
      • Selector
      • AuthController
      • SSO Authenticator
      • Chain
      • Impersonate
      • Impersonate With Search
    • Credential validators
      • SITHS eID
        • With QR or "app-switch"
      • BankID
        • On another device
        • On mobile device
      • Freja e-ID
        • With user input
        • With QR or "app-switch"
      • Mobile ID
        • With QR or "app-switch"
      • Header based
        • Certificate
      • Pointsharp Net iD Access server
        • On another device
        • On same device
      • Integrated windows login, IWA
      • User name & password
      • User lookup
      • OTP validator
      • Passkey validator
      • Exposed metrics
      • Test
        • Static SAML
        • No operation
    • Protocol managers
      • SAML
        • SAML IDP
        • SAML SP
        • IDP Discovery Service
      • OIDC
        • Authorization Code Flow
        • Implicit Flow
        • OIDC Relying Party
    • UI
Powered by GitBook
On this page
  • Introduction
  • Configuration
  • Values
  • API
  • Messages
  • Translation keys
  1. Authenticators
  2. Flow control

Impersonate With Search

Customisable object selector.

PreviousImpersonateNextCredential validators

Introduction

The Impersonate selector is responsible for presenting a list of objects (in a grid) for the user to select from.

The Impersonate selector completes when the user has selected an option.

Can be nestled with other authenticators, selectors and s.

Configuration

Authenticator type: ImpersonateWithSearch

Common Authenticator configuration can be found .

Name
Description
Default
Mandatory

pipe_id

Reference to the pipe responsible for collecting the data to be presented in the grid. Request parameter "search" contains the value from the search input field.

N/A

identifier_attribute

"sAMAccountName"

selected_id_parameter

"object_id"

include_self

false

show_filtering

true

values

N/A

execute_key

If set, value of execute_key parameter must match the value for execute_regex. Works on global state parameters. This can be used as an on/off switch for the authenticator.

""

execute_regex

Regular expression to be used on the execute_key value.

""

webroot_dir

See common authenticator configuration

web/authenticator/impersonate_selector

{
   "id":"auth00_select_object",
   "type":"ImpersonateWithSearch",
   "config":{
      "base_path":"/test/authn",
      "pipe_id":"search_pipe",
      "values":[
         {
            "key":"role",
            "label":"label1"
         },
         {
            "key":"givenName",
            "label":"label2"
         },
         {
            "key":"mail",
            "label":"label3"
         }
      ],
      "custom_identifier":"FortifiedID",
      "identifier_attribute":"sAMAccountName",
      "selected_id_parameter":"object_id",
      "include_self":false,
      "show_filtering":true,
      "webroot_dir":"web/authenticator/impersonate_selector"
   }
}

Values

The values array represents the columns to be shown in the grid.

Name
Description
Default
Mandatory

key

Item parameter. The value will be presented in the column for each object.

label

Column label translation key.

"values":[
         {
            "key":"displayName",
            "label":"label1"
         },
         {
            "key":"givenName",
            "label":"label2"
         },
         {
            "key":"sAMAccountName",
            "label":"label3"
         },
         {
            "key":"mail",
            "label":"label4"
         },
         {
            "key":"cn",
            "label":"label5"
         }
      ]

API

Messages

Selector authenticators supports the following messages:

Init (request+response)

Init message must be sent before/during the view is loading. Response contains the options that should be presented to the user.

Init may be called while authenticator is in progress under the following circumstances:

  • Callback from selected authenticator

  • Browser reload (user refreshes page)

  • Browser back (user cancels selected authenticator and navigates back)

{
  "type" : "init",
  "data" : {}
}
{
  "type" : "init",
  "success" : true,
  "data" : {
    "options" : [
      {
        "id" : "<option-id>",
        "target" : "<authenticator-id>",
        "label" : "<option-text-or-translation-key> 
      },
    ]
  }
}

Reason
Description

Selected authenticator failed

The selected authenticator failed.

Unknown status: <status>

The selected authenticator has an unknown status (Not PENDING, IN_PROGRESS, COMPLETED or FAILED)

Invalid status: <status>

Protocol error. Init called when authenticator is not in status PENDING or IN_PROGRESS.

Action (request+response)

The action message is used for selecting an option. This message is triggered by a user action.

{
  "type" : "action",
  "data" : {
    "selected" : "<option-id>"
  }
}
{
  "type" : "action",
  "success" : true,
  "data" : { 
    "location" : "<path-to-selected-authenticator>"
  }
}
Reason
Description

Invalid option: <option-id>

An invalid option-id was supplied. Only option-ids from init are valid.

Invalid state

Protocol error. Operation is called in an invalid state, for example if action is called before init.

Complete (response)

The complete response message is sent when the authentication has completed. If message contains a location property; view must redirect user agent to the supplied location.

{
  "type" : "complete",
  "success" : true,
  "data" : { 
    "location" : "<next-location>"
  }
}

Translation keys

Default translations provided:

English, assets/locales/en.json

{
  "impersonate_selector.header": "Choose",
  "impersonate_selector.paragraph": "Choose a user to impersonate",
  "impersonate_selector.label1": "Label 1",
  "impersonate_selector.label2": "Label 2",
  "impersonate_selector.label3": "Label 3",
  "impersonate_selector.label4": "Label 4",
  "impersonate_selector.label5": "Label 5",
  "impersonate_selector.label6": "Label 6",
  "impersonate_selector.label7": "Label 7",
  "impersonate_selector.label8": "Label 8",
  "impersonate_selector.label9": "Label 9",
  "impersonate_selector.label10": "Label 10",
  "impersonate_selector.error": "An error occured",
  "impersonate_selector.cancel": "Cancel",
  "impersonate_selector.self_button": "Login as myself",
  "allow-cookies-body": "To save your language settings on this device you need to approve a language cookie.",
  "allow-cookies-button": "Approve language cookie",
  "table.page": "Page {{pageIndex}} of {{pageCount}}",
  "change_language": ""
}

Swedish, assets/locales/sv.json

{
  "impersonate_selector.header": "Välj",
  "impersonate_selector.paragraph": "Välj en användare att logga in som",
  "impersonate_selector.label1": "Rubrik 1",
  "impersonate_selector.label2": "Rubrik 2",
  "impersonate_selector.label3": "Rubrik 3",
  "impersonate_selector.label4": "Rubrik 4",
  "impersonate_selector.label5": "Rubrik 5",
  "impersonate_selector.label6": "Rubrik 6",
  "impersonate_selector.label7": "Rubrik 7",
  "impersonate_selector.label8": "Rubrik 8",
  "impersonate_selector.label9": "Rubrik 9",
  "impersonate_selector.label10": "Rubrik 10",
  "impersonate_selector.error": "Ett fel har inträffat",
  "impersonate_selector.cancel": "Avbryt",
  "impersonate_selector.self_button": "Logga in som mig själv",
  "allow-cookies-body": "Vill du spara dina språkinställningar på denna enhet behövs ett godkännande av  språk-cookie.",
  "allow-cookies-button": "Godkänn språk-cookie",
  "table.page": "Sida {{pageIndex}} av {{pageCount}}",
  "change_language": ""
}

See below.

API follows the general conventions of the Fortified .

chain
here
Web Authenticator API
Values