KOBIL LOGIN
KOBIL Login
This execution has the following main tasks
- To validate user existence on both IDP Provider and IDP Server (SSMS).
- Optional: To verify password against credentials stored in IDP Provider.
Type
| Protocol | OpenID Connect 1.0 |
|---|---|
| HTTP method | GET |
| Type | Browser Flow |
| Endpoint | Authorization Endpoint |
| Flow Supported | Authorization code flow Implicit flow Hybrid flow |
| Response | ID Token, Access Token, Refresh Token |
| Response Mode | query, form_post, fragment |
How to configure
To access the config of the execution press the Settingss button and select Config . The authenticator configuration screen will appear. Then enter your config data.
Configuration
Parameters involved in KOBIL Login execution
| Parameter | Description |
|---|---|
| ID | Unique system UUID, which will be assigned automatically to record in a database. |
| Alias | Name for the overall configured configurations which occurs in particular authenticator.(Example: 1fa) |
| Kobil REST Connector URL | The default value will be picked from the environment variable REST_CONNECTOR_URL. If you need to change this to a different URL or if the environment variable is not configured you can specify your Connector URL along with port number. Example:https://connector.local:8446/ Note: Use trailing slash "/" at the end. |
| Enable Password Check | If enable this will turn on password verification against IDP Provider credentials. |
| Enable Switch User | Enable to provide switch user option. Applicable only to switch to external application. |
| Switch User URL | Application URL to switch user. Applicable only if Enable Switch User is ON. |
| User Not Exist/Locked Instruction | In case user does not exist or user is locked. This message will be displayed. Input: String: Example: Your account is blocked, please contact the helpdesk at +49 000. |
| Enable Forgot Password | Enable this button to provide an option for forgot password flow incase the user forgot the password. Note: Make sure Enable Password Check option is enabled to utilize this option. |
| Enable attempted flow | Enable to skip the current authenticator/flow and countinue the next authenticator/flow. |
User Flow
Execution Flow
This execution contains following main steps:
- User provides username.
- Execution verifies if username exist on both IDP Provider and on IDP Server (SSMS).
- 2a. If the user exists -> The user will be forwarded to the next execution screen -> for example: The user needs to provide the password -> If the password is correct, user is logged in.
- 2b. If the user does not exist -> The user will be forwarded to the password verification screen, camouflage not to give away that user does not exist -> Login won’t happen, since the user doesn’t exist.