KOBIL Condition - User Role

Overview

This execution verifies the roles assigned to the user and, based on the result of that role validation, either grants or denies access.

Protocol: OpenID Connect 1.0
HTTP method: GET
Type: Browser Flow
Endpoint: Authorization Endpoint
Flow Supported: Authorization code flow, Implicit flow, Hybrid flow
Response: ID Token, Access Token, Refresh Token
Response Mode: query, form_post, fragment

How to configure

To configure the authenticator, follow these steps:

  1. Navigate to the Authentication tab
  2. Click Add step
  3. Select the authenticator to proceed with the next step
  4. Keep the default settings unchanged.

By following these steps, you will be able to successfully configure the authenticator.

Configuration

Parameters involved in KOBIL Condition - User Role

| Parameter | Description |
| --- | --- |
| Alias | The name given to this specific configuration of the authenticator. It helps identify the configuration within the authenticator flow. |
| Authenticator Reference | Specifies the authentication method used, such as password (pwd) or one-time password (OTP). This reference is used to track authentication steps in the authentication flow. |
| Authenticator Reference Max Age | Specifies the validity period (in seconds) for a completed authentication. Once this time expires, the user must re-authenticate using the specified method. |
| Roles To Check | Defines the list of roles that are assigned to the user during authentication. The authenticator will verify that all specified roles are present in the user's role list. |
| Role Validation Failure Action | If enabled, the authentication flow displays an Invalid credentials error message if the user fails the role validation. When disabled, the login attempt ends immediately. |
| Should be assigned all roles | If enabled, the user must have all the roles specified in the Roles To Check field; this is mandatory for authentication. Note: If disabled, authentication succeeds if the user has any one of the specified roles. |
| Negate output | If enabled, it inverts the result of the role check, i.e., access is denied if the user has any of the specified roles, and access is allowed if the user does not have the roles. |
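
The interaction of Roles To Check, Should be assigned all roles and Negate output, as an added example that is not KOBIL's code: a Python model of the decision as the table describes it, evaluated for three constructed users. The function names, the sample users and the rejection of an empty role list are assumptions of the example.

```python
# Added illustration: a model of the role decision described in the parameter
# table. Function and parameter names are hypothetical, not KOBIL's API.

def role_condition(user_roles, roles_to_check, require_all=False, negate=False):
    """Return True when the condition lets the flow continue.

    require_all models "Should be assigned all roles";
    negate models "Negate output".
    """
    wanted = {r.strip() for r in roles_to_check if r.strip()}
    if not wanted:
        # Assumption of this model: an empty role list is a configuration
        # error. The page does not say how the product treats it.
        raise ValueError("Roles To Check is empty")
    held = set(user_roles)
    # All-mode: every checked role must be held. Any-mode: one is enough.
    matched = wanted <= held if require_all else bool(wanted & held)
    return not matched if negate else matched


def decision_table(users, roles_to_check):
    """Evaluate every user under all four switch combinations."""
    table = {}
    for name, roles in users.items():
        for require_all in (False, True):
            for negate in (False, True):
                table[(name, require_all, negate)] = role_condition(
                    roles, roles_to_check, require_all, negate)
    return table


# Constructed sample data (not from the page).
USERS = {
    "alice": ["admin", "auditor"],  # holds both checked roles
    "bob": ["auditor"],             # holds one of them
    "carol": ["viewer"],            # holds none
}
ROLES_TO_CHECK = ["admin", "auditor"]

if __name__ == "__main__":
    for (name, require_all, negate), ok in decision_table(USERS, ROLES_TO_CHECK).items():
        print(f"{name:6} all={require_all!s:5} negate={negate!s:5} -> "
              f"{'granted' if ok else 'denied'}")
```

In this model, enabling both switches denies only a user who holds every listed role, so bob (one of two roles) is granted. If Negate output is meant to block anyone holding any listed role, verify that combination in a test flow before relying on it.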

User Flow

  1. KOBIL Condition - User Role must be preceded by a 1FA authenticator, because it obtains the user's validated identity from that preceding authenticator. For instance: KOBIL Username Password Form.
  2. The KOBIL Condition - User Role authenticator verifies the roles assigned to the user and determines whether access should be granted based on the expected roles.