The External Identity HTTP User Authenticator provides authentication for users identified by an external identity provider by locating the user resource in a Data View with the appropriate linking meta data.
If no user resources were found with the linking meta data, the External Identity HTTP User Authenticator may also register the external identity as a new user resource. If the registration fails due to resource conflict, missing attributes, or denied attributes by policy, the current request and external identity state will be provided as additional information to the login error page. The page may prompt the user for additional information or make corrective actions and try the registration again using the Registration HTTP Authentication Scheme or merge with an existing user resource using the Form Login HTTP Authentication Scheme. The external identity state should be included as the idpToken parameter along with the appropriate login information to complete the linking process.
↓Parent Component
↓Properties
↓dsconfig Usage
The External Identity HTTP User Authenticator component inherits from the HTTP User Authenticator
The properties supported by this managed object are as follows:
Basic Properties: | Advanced Properties: |
---|---|
↓ description | None |
↓ enabled | |
↓ fail-on-user-not-found |
Description | A description for this HTTP User Authenticator |
Default Value | None |
Allowed Values | A string |
Multi-Valued | No |
Required | No |
Admin Action Required | None. Modification requires no further action |
Description | Indicates whether this HTTP User Authenticator is enabled for use. |
Default Value | None |
Allowed Values | true false |
Multi-Valued | No |
Required | Yes |
Admin Action Required | None. Modification requires no further action |
Description | Specifies whether to fail the authentication immediately or to use the next configured authenticator when a user resource linked to the external identity is not found. |
Default Value | false |
Allowed Values | true false |
Multi-Valued | No |
Required | No |
Admin Action Required | None. Modification requires no further action |
To list the configured HTTP User Authenticators:
dsconfig list-http-user-authenticators [--property {propertyName}] ...
To view the configuration for an existing HTTP User Authenticator:
dsconfig get-http-user-authenticator-prop --authenticator-name {name} [--tab-delimited] [--script-friendly] [--property {propertyName}] ...
To update the configuration for an existing HTTP User Authenticator:
dsconfig set-http-user-authenticator-prop --authenticator-name {name} (--set|--add|--remove) {propertyName}:{propertyValue} [(--set|--add|--remove) {propertyName}:{propertyValue}] ...
To create a new External Identity HTTP User Authenticator:
dsconfig create-http-user-authenticator --authenticator-name {name} --type external-identity --set enabled:{propertyValue} [--set {propertyName}:{propertyValue}] ...
To delete an existing HTTP User Authenticator:
dsconfig delete-http-user-authenticator --authenticator-name {name}