A custom, Kotlin-based authentication action plugin for the Curity Identity Server. This plugin expects an attribute in the authentication attributes that contain a list of accounts that the user can select to act as.
The selected identity replaces all the attributes found on the authentication attributes, with the one from the selected account.
Example attributes in subject attributes:
identities: [{
user_id: "user1",
account_id: "id1",
subdomain: "sub1"
},
{
user_id: "user2",
account_id: "id2",
subdomain: "sub2"
},
{
user_id: "user3",
account_id: "id3",
subdomain: "sub3"
}]If a single identity is found in the list, it will be used automatically without asking the user.
The plugin has two optional configuration settings
display-name-attribute- The attribute to display for the user as the identifier of the account. I.e. configuringuser_idwould display three buttons for the user with the textuser1,user2anduser3. If a combination of attributes is wanted, this can be accomplished by combining them in the template, or by the HAAPI client.identity-list-attribute- The attribute where the list of identities are found in the subject attributes.
The repository has a test config, that sets up a Username authenticator with actions setting up the example list of identities to easily deploy for testing.
The HAAPI representation of the selection screen will give the full identity object as form properties, so that the client may choose to alter the way the choices are visualized, same way the templates allow for.
{
"metadata": {
"viewName": "authentication-action/identity-picker/index"
},
"type": "authentication-step",
"actions": [
{
"template": "selector",
"kind": "authenticator-selector",
"title": "Your username is associated with the following accounts. To continue login, select one of the accounts listed below.",
"model": {
"options": [
{
"template": "form",
"kind": "select-account",
"title": "user1",
"properties": {
"user_id": "user1",
"account_id": "id1",
"subdomain": "sub1"
},
"model": {
"href": "/dev/authn/authenticate/_action/pick-identity",
"method": "POST",
"fields": [
{
"name": "identity-index",
"type": "hidden",
"value": "0"
}
]
}
},
{
"template": "form",
"kind": "select-account",
"title": "user2",
"properties": {
"user_id": "user2",
"account_id": "id2",
"subdomain": "sub2"
},
"model": {
"href": "/dev/authn/authenticate/_action/pick-identity",
"method": "POST",
"fields": [
{
"name": "identity-index",
"type": "hidden",
"value": "1"
}
]
}
},
{
"template": "form",
"kind": "select-account",
"title": "user3",
"properties": {
"user_id": "user3",
"account_id": "id3",
"subdomain": "sub3"
},
"model": {
"href": "/dev/authn/authenticate/_action/pick-identity",
"method": "POST",
"fields": [
{
"name": "identity-index",
"type": "hidden",
"value": "2"
}
]
}
}
]
}
}
]
}The default templates list the user_id field of the identities as a list.
To change what the user sees, copy the template into ${IDSVR_HOME}/usr/share/teplates/overrides/authentication-action/identity-picker.
All attributes in will be available on the $_identities variable. To list them for dev purposes, add:
<pre>
#foreach ($identity in $_identities.values())
$identity
#end
</pre>You can build the plugin by issuing the command mvn package. This will produce a JAR file in the target directory,
which can be installed.
To install the plugin, copy the compiled JAR (and all of its dependencies) into the ${IDSVR_HOME}/usr/share/plugins/${pluginGroup}
on each node, including the admin node. For more information about installing plugins, refer to the [curity.io/plugins][https://support.curity.io/docs/latest/developer-guide/plugins/index.html#plugin-installation].
For a list of the dependencies and their versions, run mvn dependency:list. Ensure that all of these are installed in
the plugin group; otherwise, they will not be accessible to this plug-in and run-time errors will result.
Please visit [curity.io] for more information about the Curity Identity Server.
React
Typescript
Django
Laravel
Facebook
Microsoft
Google
Alibaba
D3
Tencent