Condition - KOBIL Scope Check
Overview
The primary execution of the Condition - KOBIL Scope Check authenticator verifies whether the requested scope matches a configured value and optionally evaluates session conditions. If the condition matches, it allows the execution to proceed.
Type
| Protocol | OpenID Connect 1.0 |
|---|---|
| HTTP method | GET |
| Type | Browser Flow |
| Endpoint | Authorization Endpoint |
| Flow Supported | Authorization code flow Implicit flow Hybrid flow |
| Response | ID Token, Access Token, Refresh Token |
| Response Mode | query, form_post, fragment |
How to configure
To configure the authenticator, follow these steps
- Navigate to the Authentication tab
- Click Add step and select the preceding authenticator
- Click Add sub-flow
- Select the
+button to add the conditional authenticator - Click the
Settingsbutton - Click
Config.
Choose the actions you want to proceed with and enter the necessary configuration data. By following these steps, you will be able to successfully configure the authenticator.
Configuration
Parameters involved in Condition - KOBIL Scope Check
| Parameter | Description |
|---|---|
| Alias | Specifies a name for the overall configuration in a particular authenticator. (Example: JSON config) |
| Remove Session Variable | Removes the session variable from the session if enabled. |
| Scope | Defines the scope of variables required for the flow to succeed. (Example: OpenID Connect) |
| Session Key validation | Sets a condition to check the session status based on the authentication note. (Example:VALID_USER_WITH_OTP = false) |
User Flow
This execution contains the following mains steps:
- Condition - KOBIL Scope Check authenticator must be preceded by another authenticator, as it relies on the preceding authenticator (For instance: KOBIL Cookie).
- The execution verifies if the configured scope matches the requested scope and checks session conditions. If both the scope and session conditions match the configured values, the subsequent execution proceeds.