AuthController

Customisable authentication menu

Introduction

The AuthController authenticator is responsible for various levels of controls. It can be placed in a chain before or after the actual user identification.

A fail-response from the configured pipe will result in a failed authentication.

Configuration

Authenticator type: AuthController

Common Authenticator configuration can be found here.

Name

Description

Default

Mandatory

pipe_id

ID of the pipe responsible decision making.

N/A

fail_location

Where to send user agent on failed auth validation.

N/A

failed_redirect

User-Agent redirection based on error response from pipe. See advanced redirection.

N/A

{
    "id": "authz",
    "type": "AuthController",
    "config": {
        "base_path": "/saml/authn",
        "pipe_id": "validate",
        "fail_location": "https://fortifiedid.se",
        "failed_redirect": [
            {
                "pattern": ".*Missing input param 'idg'.*",
                "target": "https://www.idg.se"
            },
            {
                "pattern": ".*Missing input param 'sunet'.*",
                "target": "https://www.sunet.se"
            }
        ]
    }
}

Advanced redirection

Based in error response from pipe, user-agent can be redirected using regex patterns. For non-matching responses fail_location is used as fall back.

fail_location is a array of fail locations object. On fail-response from pipe the list is iterated. At first match user-agent is redirected.

Name

Description

Default

Mandatory

failed_redirect.pattern

Regex expression

N/A

failed_redirect.pattern

If matched, where to send the user agent

N/A

PreviousSelector NextChain