Authenticators are components that performs authentication. Authentication is the process of validating one or more credentials provided by an individual or a system to prove an identity. Credentials can be secret information like a PIN or a password, a private encryption key on a mobile phone, a fingerprint or a one time password issued by a hardware token or non secret information lika a username, internet address or a location.
Authenticators can be divided into three categories depending on their responsibilities:
Credential validators
Flow controllers
Protocol managers
Credential validators are responsible for validating credentials like password or BankID.
Flow controllers does not perform any actual validation of credentials, instead they are used for controlling the flow of an authentication consisting of more than one authenticator and they rely on credential validating authenticators to perform the actual validation of supplied credentials.
Protocol managers are flow controllers responsible for specific protocols like SAML or OIDC.
Using these three types of authenticators complex authentication flows containing validation of multiple credentials and user selections can be constructed.
Configuring an authenticator is done by inserting them in an enclosing AuthN module in the "config.authenticators" property.
Example below shows how one authenticator is configured.