Details

    • Type: Task
    • Status: Done
    • Priority: Medium
    • Resolution: Done
    • Affects Version/s: None
    • Fix Version/s: v2.6.0
    • Labels:
      None

      Description

      The endpoint's authenticator configuration should be reworked: it should now be configured as a simple list of authentication flows. I.e.

      unityServer.core.endpoints.X.endpointAuthenticators=...

      should become unsupported.

      Instead a new option:

      unityServer.core.endpoints.X.endpointAuthenticationFlow.1=flow1
      ...

      should be added.

       

      The biggest part of this task is that the flows should drive the endpoint's login process:

      Initially the endpoint should show a union of all 1st factor authenticators from all login flows.

      After authentication with a chosen 1st factor authenticator the further processing should be determined by its authentication flow's 2nd factor policy:

      • require - show the first 2nd factor authenticator from the list for which the user has a valid credential. If there is no such credential then fail authN with an appropriate error.
      • userOptIn - if the user opted in for 2nd factor, show the first 2nd factor authenticator from the list for which the user has a credential. If the user opted out or has no such credential, finish authN with success.
      • never - finish authN with success just after 1st factor.

      Obviously, in any case, if 2nd factor authentication is used then it is mandatory for it to succeed.
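
The login decision described above, modelled as an added example (not Unity's own code). The class, field and authenticator names are hypothetical, the sample flows are constructed, and resolving a 1st factor shared by several flows to the first configured flow is an assumption the ticket does not settle.

```python
from dataclasses import dataclass
from enum import Enum

class Policy(Enum):
    REQUIRE = "require"
    USER_OPT_IN = "userOptIn"
    NEVER = "never"

@dataclass(frozen=True)
class Flow:
    # Hypothetical model of one configured flow; field names are assumptions.
    name: str
    first_factors: tuple
    second_factors: tuple
    policy: Policy

def first_factor_choices(flows):
    """Union of 1st factor authenticators from all flows, in order, no duplicates."""
    return list(dict.fromkeys(a for f in flows for a in f.first_factors))

def flow_of(flows, first_factor):
    """Flow owning the chosen 1st factor (assumption: first configured match wins)."""
    return next(f for f in flows if first_factor in f.first_factors)

def after_first_factor(flow, usable, opted_in):
    """Next step after 1st factor; usable = authenticators the user has a valid credential for."""
    if flow.policy is Policy.NEVER or (flow.policy is Policy.USER_OPT_IN and not opted_in):
        return ("SUCCESS", None)
    candidate = next((a for a in flow.second_factors if a in usable), None)
    if candidate is not None:
        return ("SECOND_FACTOR", candidate)
    # No usable credential: 'require' fails closed, 'userOptIn' finishes with success.
    return ("FAIL", None) if flow.policy is Policy.REQUIRE else ("SUCCESS", None)

def login_outcome(step, second_factor_passed=False):
    """Once a 2nd factor is started it must succeed, whatever the policy."""
    if step[0] == "SECOND_FACTOR":
        return "SUCCESS" if second_factor_passed else "FAIL"
    return step[0]

# Constructed sample configuration (authenticator names are made up).
FLOWS = [
    Flow("flow1", ("pwd", "cert"), ("sms", "otp"), Policy.REQUIRE),
    Flow("flow2", ("oauth",), ("otp",), Policy.USER_OPT_IN),
    Flow("flow3", ("saml", "pwd"), (), Policy.NEVER),
]
```

Here `pwd` is listed in both `flow1` (require) and `flow3` (never), so the way a shared 1st factor is resolved decides whether a 2nd factor is enforced at all.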

            People

            • Assignee:
              piotrpiernik Piotr Piernik
              Reporter:
              golbi Krzysztof Benedyczak