KOBIL Username Password Form
KOBIL Username Password Form
This execution has the following main tasks
- To validate user existence on IDP Provider.
- To verify password against credentials stored in IDP Provider.
Type
| Protocol | OpenID Connect 1.0 |
|---|---|
| HTTP method | GET |
| Type | Browser Flow |
| Endpoint | Authorization Endpoint |
| Flow Supported | Authorization code flow Implicit flow Hybrid flow |
| Response | ID Token, Access Token, Refresh Token |
| Response Mode | query, form_post, fragment |
How to configure
To access the config of the execution press the Settings button and select Config . The authenticator configuration screen will appear. Then enter your config data.
Configuration
Parameters involved in KOBIL Username Password Form execution
| Parameter | Description |
|---|---|
| ID | Unique system UUID, which will be assigned automatically to record in a database. |
| Alias | Name for the overall configured configurations which occurs in particular authenticator.(Example: 1fa) |
| Invalid Credentials Message | Message to be displayed when the user credentials invalid. For default invalid username or password. |
| User Disabled Message | Message to be displayed when the user is disabled. Default Message: User is currently disabled, please contact admin. |
| Time Unit | Select the Time unit in which the user lock duration must be displayed. |
| User Alias Attribute | User attribute value selected for login validation. |
| Verify Secret Password | Enable to verify the secret password. |
| Header on filtering secret credential ID, when Verify Secret Password is enabled | The data in the specified header will be appended with credential ID to verify the secret password. |
| Registration URL | The Registration URL to be assigned for user registration link. If not specified, default registration auth flow is assigned. |
| Reset Credentials URL | The Reset Credentials URL to be assigned for Forgot Login Detail link. If not specified, default reset credentials auth flow is assigned. |
| Display Remaining Attempts | Enable to showcase the remaining credential input attempts before the user gets locked out due to Brute Force. |
| JSON Script | JSON to display inputs in Headless V2 theme. |
| JSON Error Script | JSON to display the error messages in Headless V2 theme. |
| Enable Metrics | Enable the metrics which are specific to the current authenticator to expose in metrics endpoint. |
| Custom Metrics Name | Name of the metrics under which specific authenticator metrics will be exposed. |
| Custom Metrics description | Description about the custom metrics. |
Parameter specific to Bruteforce feature
| Parameter | Description |
|---|---|
| Temporarily locked message | Message to be displayed when the user is temporarily locked. Example: User is temporarily locked for %time% minutes. |
| Display Remaining Attempts | Enable to showcase the remaining credential input attempts before the user gets locked out due to Brute Force. |
User Flow
Execution Flow
This execution contains the following main steps:
- User provides username and password.
- Execution verifies if the username exists on IDP Provider and password exists on the IDP Provider.
- 2a. If the user does not exist or if credentials are incorrect -> The user will be redirected back to the username and password verification screen, (camouflage not to give away that user does not exist) -> Login won’t happen, since the user doesn’t exist.