KOBIL Username Password Form
This execution has the following main tasks:
- To validate that the user exists on the IDP Provider.
- To verify the password against the credentials stored in the IDP Provider.
Type
Protocol | OpenID Connect 1.0 |
---|---|
HTTP method | GET |
Type | Browser Flow |
Endpoint | Authorization Endpoint |
Flow Supported | Authorization code flow, Implicit flow, Hybrid flow |
Response | ID Token, Access Token, Refresh Token |
Response Mode | query, form_post, fragment |
How to configure
To access the config of the execution, press the Settings button and select Config. The authenticator configuration screen will appear. Then enter your config data.
Configuration
Parameters involved in KOBIL Username Password Form execution
Parameter | Description |
---|---|
ID | Unique system UUID, which is assigned automatically to the record in the database. |
Alias | Name for the set of configuration values applied to this particular authenticator. (Example: 1fa) |
Invalid Credentials Message | Message to be displayed when the user credentials are invalid. Default message: invalid username or password. |
User Disabled Message | Message to be displayed when the user is disabled. Default Message: User is currently disabled, please contact admin. |
Time Unit | Select the time unit in which the user lock duration must be displayed. |
User Alias Attribute | User attribute value selected for login validation. |
Verify Secret Password | Enable to verify the secret password. |
Header on filtering secret credential ID, when Verify Secret Password is enabled | The data in the specified header will be appended with credential ID to verify the secret password. |
Registration URL | The Registration URL to be assigned to the user registration link. If not specified, the default registration auth flow is assigned. |
Reset Credentials URL | The Reset Credentials URL to be assigned to the Forgot Login Detail link. If not specified, the default reset credentials auth flow is assigned. |
Display Remaining Attempts | Enable to show the remaining credential input attempts before the user gets locked out due to Brute Force. |
JSON Script | JSON to display inputs in Headless V2 theme. |
JSON Error Script | JSON to display the error messages in Headless V2 theme. |
Enable Metrics | Enable the metrics specific to the current authenticator so that they are exposed in the metrics endpoint. |
Custom Metrics Name | Name of the metrics under which specific authenticator metrics will be exposed. |
Custom Metrics description | Description of the custom metrics. |
Parameters specific to the Brute Force feature
Parameter | Description |
---|---|
Temporarily locked message | Message to be displayed when the user is temporarily locked. Example: User is temporarily locked for %time% minutes. |
Display Remaining Attempts | Enable to show the remaining credential input attempts before the user gets locked out due to Brute Force. |
User Flow
Execution Flow
This execution contains the following main steps:
- The user provides a username and password.
- The execution verifies that the username exists on the IDP Provider and that the password exists on the IDP Provider.
- 2a. If the user does not exist or if the credentials are incorrect -> The user is redirected back to the username and password verification screen (camouflage, so as not to give away that the user does not exist) -> Login won’t happen, since the user doesn’t exist.
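
The camouflage in step 2a, as an added example that is not KOBIL code: an unknown username and a wrong password go through the same hashing work and return the same response, including the remaining-attempts counter. The in-memory user store, `login`, `MAX_ATTEMPTS` and both message texts are assumptions made for illustration.

```python
import hashlib
import hmac
import os

INVALID_CREDENTIALS_MESSAGE = "Invalid username or password."  # constructed text
LOCKED_MESSAGE = "User is temporarily locked."                 # constructed text
MAX_ATTEMPTS = 3       # assumed lockout threshold, not a KOBIL default
ITERATIONS = 100_000   # kept low so the example runs quickly

def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def make_record(password: str) -> dict:
    salt = os.urandom(16)
    return {"salt": salt, "hash": _hash(password, salt)}

# Constructed in-memory store standing in for the identity provider.
USERS = {"alice": make_record("correct horse")}
# Checked when the username is unknown, so both failure paths cost the same.
DUMMY = make_record(os.urandom(16).hex())
# Failed attempts keyed by the submitted username, whether or not it exists.
# A real deployment would bound and expire these entries.
FAILED = {}

def login(username: str, password: str) -> dict:
    # The lock applies to any submitted name, so it does not reveal existence.
    if FAILED.get(username, 0) >= MAX_ATTEMPTS:
        return {"authenticated": False, "message": LOCKED_MESSAGE,
                "remaining_attempts": 0}
    record = USERS.get(username)
    target = record if record is not None else DUMMY
    matches = hmac.compare_digest(_hash(password, target["salt"]), target["hash"])
    if record is not None and matches:
        FAILED.pop(username, None)
        return {"authenticated": True}
    FAILED[username] = FAILED.get(username, 0) + 1
    # Identical fields for "no such user" and "wrong password".
    return {
        "authenticated": False,
        "message": INVALID_CREDENTIALS_MESSAGE,
        "remaining_attempts": max(MAX_ATTEMPTS - FAILED[username], 0),
    }
```

If the remaining-attempts counter were shown only for accounts that exist, it would undo the camouflage, which is why the counter here is tracked per submitted username.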