KOBIL Condition - Session/User attribute Value check
Overview
The main objective of this execution is to validate a specific attribute, sourced either from the authentication session or from a user attribute.
| Protocol | OpenID Connect 1.0 |
|---|---|
| HTTP method | GET |
| Type | Browser Flow |
| Endpoint | Authorization Endpoint |
| Flow Supported | Authorization code flow Implicit flow Hybrid flow |
| Response | ID Token, Access Token, Refresh Token |
| Response Mode | query, form_post, fragment |
How to configure
To configure the authenticator, follow these steps:
- Navigate to the Authentication tab
- Click Add step and select the preceding authenticator
- Click Add sub-flow
- Select the
+button to add the conditional authenticator - Click the
Settingsbutton - Click
Config.
choose the desired action and enter the required configuration details. These steps will guide you through successfully configuring the authenticator.
Configuration
Parameters involved in KOBIL Condition - Session/User attribute Value check
| Parameter | Description |
|---|---|
| Alias | This is the name given to the specific configuration of the authenticator. It helps identify the configuration within the authenticator flow. |
| Fetch value from | This parameter determines the source from which the key and value should be retrieved. The value could be fetched from either the authentication session or the user attribute. |
| Attribute name | Name Specifies the name of the attribute that the authenticator should check. For example, this could be a session attribute or a user attribute like email or role. |
| Expected attribute value | This is the value that the specified attribute is expected to have. If the actual value matches this expected value, the condition is met. |
| Negate output | This parameter inverts the result of the attribute check. For example, if the attribute value matches the expected value, but Negate Output is enabled, the output will be considered a non-match (false). |
User flow
This execution contains the following main steps,
-
KOBIL Condition - Session/User attribute Value check must be preceded by a user-validating authenticator. For instance, KOBIL Username Password Form.
-
If the KOBIL Condition - Session/User attribute Value check authenticator is added to a flow, a true result allows the steps to execute otherwise, it proceeds to the next flow or terminates the process if no further flows are defined.