UnboundID Identity Broker - External Identity HTTP User Authenticator

Identity Broker Documentation Index
Configuration Reference Home

External Identity HTTP User Authenticator

The External Identity HTTP User Authenticator provides authentication for users identified by an external identity provider by locating the user resource in a Data View with the appropriate linking meta data.

If no user resources were found with the linking meta data, the External Identity HTTP User Authenticator may also register the external identity as a new user resource. If the registration fails due to resource conflict, missing attributes, or denied attributes by policy, the current request and external identity state will be provided as additional information to the login error page. The page may prompt the user for additional information or make corrective actions and try the registration again using the Registration HTTP Authentication Scheme or merge with an existing user resource using the Form Login HTTP Authentication Scheme. The external identity state should be included as the idpToken parameter along with the appropriate login information to complete the linking process.

↓Parent Component
↓Properties
↓dsconfig Usage

Parent Component

The External Identity HTTP User Authenticator component inherits from the HTTP User Authenticator

Properties

The properties supported by this managed object are as follows:

Basic Properties:	Advanced Properties:
↓ description	None
↓ enabled
↓ fail-on-user-not-found

Basic Properties

description

Description	A description for this HTTP User Authenticator
Default Value	None
Allowed Values	A string
Multi-Valued	No
Required	No
Admin Action Required	None. Modification requires no further action

enabled

Description	Indicates whether this HTTP User Authenticator is enabled for use.
Default Value	None
Allowed Values	true false
Multi-Valued	No
Required	Yes
Admin Action Required	None. Modification requires no further action

fail-on-user-not-found

Description	Specifies whether to fail the authentication immediately or to use the next configured authenticator when a user resource linked to the external identity is not found.
Default Value	false
Allowed Values	true false
Multi-Valued	No
Required	No
Admin Action Required	None. Modification requires no further action

dsconfig Usage

To list the configured HTTP User Authenticators:

dsconfig list-http-user-authenticators
     [--property {propertyName}] ...

To view the configuration for an existing HTTP User Authenticator:

dsconfig get-http-user-authenticator-prop
     --authenticator-name {name}
     [--tab-delimited]
     [--script-friendly]
     [--property {propertyName}] ...

To update the configuration for an existing HTTP User Authenticator:

dsconfig set-http-user-authenticator-prop
     --authenticator-name {name}
     (--set|--add|--remove) {propertyName}:{propertyValue}
     [(--set|--add|--remove) {propertyName}:{propertyValue}] ...

To create a new External Identity HTTP User Authenticator:

dsconfig create-http-user-authenticator
     --authenticator-name {name}
     --type external-identity
     --set enabled:{propertyValue}
     [--set {propertyName}:{propertyValue}] ...

To delete an existing HTTP User Authenticator:

dsconfig delete-http-user-authenticator
     --authenticator-name {name}