Note: this component stores cluster-wide configuration data and is mirrored across all servers in the topology within the same cluster.
Note: changes to cluster-wide configuration objects are immediately and automatically mirrored across all servers within the same cluster, so offline changes are not supported.
Chained Identity Authenticators may be used to establish the association between an Identity Authenticator Chain and an Identity Authenticator.
The following components have a direct aggregation relation from Chained Identity Authenticators:
The following components have a direct composition relation to Chained Identity Authenticators:
The properties supported by this managed object are as follows:
Basic Properties: | Advanced Properties: |
---|---|
identity-authenticator | None |
enforcement-criteria | |
evaluation-order-index | |
identity-authenticator (Read-Only)
Description | The authenticator that should be invoked in the chain. |
Default Value | None |
Allowed Values | The DN of any Identity Authenticator. The associated authenticator must be enabled. |
Multi-Valued | No |
Required | Yes |
Admin Action Required | None. Modification requires no further action |
enforcement-criteria
Description | Controls the overall enforcement criteria for the authenticators defined in the chain. |
Default Value | required-continue |
Allowed Values | required-continue - The authenticator is required to succeed. If it succeeds or fails, authentication still continues to proceed down the chain. |
 | required-stop-on-failure - The authenticator is required to succeed. If it succeeds, authentication continues down the chain. If it fails, authentication does not proceed down the chain and is considered failed. |
 | optional-stop-on-success - The authenticator is not required to succeed. If it does succeed, authentication does not proceed down the chain and is considered success. If it fails, authentication continues down the chain. |
 | optional-continue - The authenticator is not required to succeed. If it succeeds or fails, authentication still continues to proceed down the chain. |
Multi-Valued | No |
Required | No |
Admin Action Required | None. Modification requires no further action |
evaluation-order-index
Description | When multiple Chained Identity Authenticators are defined, Identity Authenticators are evaluated based on this index from least to greatest. Values of this property must be unique but not necessarily contiguous. |
Default Value | None |
Allowed Values | An integer value. Lower limit is 0. Upper limit is 2147483647. |
Multi-Valued | No |
Required | Yes |
Admin Action Required | None. Modification requires no further action |
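The ordering and stop rules described for enforcement-criteria and evaluation-order-index can be checked against a planned chain before it is created. The following is an added example, not product code: the `Link` class, the function names and the authenticator names are hypothetical, and the pass/fail inputs are constructed. It reports which authenticators are actually invoked and which required entries sit behind an optional-stop-on-success entry and are therefore skipped whenever that entry succeeds.

```python
from dataclasses import dataclass

REQUIRED = {"required-continue", "required-stop-on-failure"}
OPTIONAL = {"optional-stop-on-success", "optional-continue"}

@dataclass(frozen=True)
class Link:
    authenticator: str                   # hypothetical authenticator name
    index: int                           # evaluation-order-index
    criteria: str = "required-continue"  # documented default

def ordered(chain):
    """Check the documented property constraints, then sort by index."""
    seen = set()
    for link in chain:
        if link.criteria not in REQUIRED | OPTIONAL:
            raise ValueError(f"unknown enforcement-criteria: {link.criteria}")
        if not 0 <= link.index <= 2147483647:
            raise ValueError(f"evaluation-order-index out of range: {link.index}")
        if link.index in seen:
            raise ValueError(f"duplicate evaluation-order-index: {link.index}")
        seen.add(link.index)
    return sorted(chain, key=lambda link: link.index)

def walk(chain, results):
    """Return (invoked names, early outcome); outcome is None if no stop rule fired."""
    invoked = []
    for link in ordered(chain):
        ok = results[link.authenticator]   # constructed pass/fail input
        invoked.append(link.authenticator)
        if link.criteria == "required-stop-on-failure" and not ok:
            return invoked, "failed"
        if link.criteria == "optional-stop-on-success" and ok:
            return invoked, "success"
    return invoked, None

def shadowed_required(chain):
    """Required links that sit after an optional-stop-on-success link."""
    links = ordered(chain)
    for pos, link in enumerate(links):
        if link.criteria == "optional-stop-on-success":
            return [l.authenticator for l in links[pos + 1:] if l.criteria in REQUIRED]
    return []

# Constructed chain: names and index values are illustrative only.
CHAIN = [
    Link("totp", 20, "required-stop-on-failure"),
    Link("trusted-device", 10, "optional-stop-on-success"),
    Link("password", 30),
]
```

A non-empty result from `shadowed_required` means the chain can end in success without those required authenticators ever running, which is usually an ordering mistake rather than intent.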
To list the configured Chained Identity Authenticators:
dsconfig list-chained-identity-authenticators [--property {propertyName}] ...
To view the configuration for an existing Chained Identity Authenticator:
dsconfig get-chained-identity-authenticator-prop --authenticator-name {name} --chain-name {name} [--tab-delimited] [--script-friendly] [--property {propertyName}] ...
To update the configuration for an existing Chained Identity Authenticator:
dsconfig set-chained-identity-authenticator-prop --authenticator-name {name} --chain-name {name} (--set|--add|--remove) {propertyName}:{propertyValue} [(--set|--add|--remove) {propertyName}:{propertyValue}] ...
To create a new Chained Identity Authenticator:
dsconfig create-chained-identity-authenticator --authenticator-name {name} --chain-name {name} --set evaluation-order-index:{propertyValue} [--set {propertyName}:{propertyValue}] ...
To delete an existing Chained Identity Authenticator:
dsconfig delete-chained-identity-authenticator --authenticator-name {name} --chain-name {name}