AuthController

Introduction

The AuthController authenticator is responsible for various levels of controls. It can be placed in a chain before or after the actual user identification.

A fail-response from the configured pipe will result in a failed authentication.

Configuration

Common Authenticator configuration can be found here.

pipe_id

fail_location

failed_redirect

{
    "id": "authz",
    "type": "AuthController",
    "config": {
        "base_path": "/saml/authn",
        "pipe_id": "validate",
        "fail_location": "https://fortifiedid.se",
        "failed_redirect": [
            {
                "pattern": ".*Missing input param 'idg'.*",
                "target": "https://www.idg.se"
            },
            {
                "pattern": ".*Missing input param 'sunet'.*",
                "target": "https://www.sunet.se"
            }
        ]
    }
}

Advanced redirection

Based in error response from pipe, user-agent can be redirected using regex patterns. For non-matching responses fail_location is used as fall back.

fail_location is a array of fail locations object. On fail-response from pipe the list is iterated. At first match user-agent is redirected.

failed_redirect.pattern

failed_redirect.target