Registration Authenticator
The authenticator type "Registration" is a fully dynamic authenticator whose purpose is not to authenticate users.
This authenticator is to be used when there is a need for an end user UI but the default authenticators are not suitable. A flow designed and built with the Registration authenticator does not necessarily have to end with an authenticated user session. In fact, the most common use case for the Registration authenticator is a form-based UI where the end user submits information to the server, which then acts upon the posted data.
The flow may consist of multiple steps (stages). The flow will not proceed to the next stage until the current stage is successfully completed. A stage is considered successfully completed once the pipe associated with the stage is completed without an error.
Templating
Values that are surrounded by double curly brackets, {{value}}, are treated as values that must pass the "templating filter".
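This page does not describe what the templating filter does to a value. As an added illustration (not the product's implementation), this is how a placeholder in an LDAP filter such as the mail={{request.mail}} used in the pipes further down can be rendered with RFC 4515 escaping, so that the posted value stays a literal; the function names and the scopes argument are assumptions of this example.

```python
import re

# Added example, not product code. RFC 4515 section 3: these characters
# must be written as \XX when they appear inside a filter value.
_LDAP_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29",
                 "\x00": r"\00"}
_PLACEHOLDER = re.compile(r"\{\{\s*([\w.]+)\s*\}\}")


def escape_filter_value(value):
    """Return value with LDAP filter metacharacters escaped."""
    return "".join(_LDAP_ESCAPES.get(ch, ch) for ch in value)


def render_filter(template, scopes):
    """Render {{scope.name}} placeholders in an LDAP filter template.

    scopes is a hypothetical lookup such as {"request": {"mail": "..."}}.
    An unresolved placeholder raises instead of rendering an empty value.
    """
    def substitute(match):
        scope, _, name = match.group(1).partition(".")
        try:
            value = scopes[scope][name]
        except KeyError:
            raise KeyError(f"unresolved placeholder {match.group(1)}") from None
        return escape_filter_value(str(value))

    return _PLACEHOLDER.sub(substitute, template)


if __name__ == "__main__":
    # Constructed sample input: a lone wildcard posted as the mail address.
    print(render_filter("mail={{request.mail}}", {"request": {"mail": "*"}}))
```

With escaping, a posted wildcard is searched for as the literal character rather than matching every entry that has a mail attribute.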
Stages
Each stage may consist of the following configurable parameters.
Parameter | Comment | Mandatory |
---|---|---|
pipeid | The pipe that will be executed when clicking proceed | Yes |
template | The UI template that will be used for this stage | Yes |
sessionValues | Values from the session that should be available for the template in this stage | No |
templateVariables | Variables defined in this stage | No |
translation | Translations that should be available for the template in this stage | No |
errorTranslation | Custom error messages that should be mapped and the mapped value | No |
Translation
Translation is handled by using "template translation strings", which are values surrounded by double curly brackets, {{value}}.
Translations defined in the stage are the only translations that will be translated in that stage.
Example of different kinds of translations, where the first one corresponds to {{common.messages.human}} in the template file, and the second one corresponds to {{header}} in the template file and ppsspasot.setpwd.header in the translation file:
"translation": [
  "common.messages.human",
  {
    "key": "header",
    "mapKeyTo": "ppsspasot.setpwd.header"
  }
]
Session Values
Session values are data that have previously been added to the session, for example in a previous stage.
Session values are surrounded by double curly brackets {{value}}.
Session values defined in the stage are the only ones that will be fetched from the session.
Example with username:
"sessionValues": [
  "username"
]
Template Variables
Template variables are variables which are defined in the stage.
Example of different kinds of template variables:
"templateVariables": {
  "cancel_href": "/netid_reg/authenticate/logout/netid_reg/?nextTarget=/netid_reg/authenticate/netid_reg",
  "methods": [
    {
      "title": "netid.messages.buttons.nias_od",
      "data-toggle-action": "OD"
    }
  ]
}
Error Handling
Errors from the flow can be mapped into any custom error message.
The mapped value may also be translated from the translation files.
Example where the generated error from the pipe will contain the key Empty. This will be mapped to the content of "value".
"errorTranslation": [
  {
    "key": "Empty",
    "value": "No user found with this mail address!"
  }
]
Example Configuration
About
This example is a flow where the end user can update his mobile number in the LDAP directory.
The matching of users is based on the mail attribute.
Authenticator
{
  "alias": "demo",
  "name": "Registration",
  "configuration": {
    "stages": [
      {
        "pipeid": "pipe-stage1",
        "template": "template-stage1",
        "sessionValues": [
          "stage"
        ],
        "templateVariables": {
          "stage": "First Stage"
        },
        "translation": [
          "reg.mail",
          "reg.heading",
          "reg.next",
          "reg.cancel"
        ],
        "errorTranslation": [
          {
            "key": "Empty",
            "value": "No user found with this mail address!"
          }
        ]
      },
      {
        "pipeid": "pipe-stage2",
        "template": "template-stage2",
        "sessionValues": [
          "mail",
          "sn",
          "givenName",
          "mobile"
        ],
        "templateVariables": {
          "stage": "Second Stage"
        },
        "translation": [
          "reg.mail",
          "reg.sn",
          "reg.givenName",
          "reg.mobile",
          "reg.heading2",
          "reg.next",
          "reg.cancel"
        ]
      },
      {
        "pipeid": "pipe-stage3",
        "template": "template-stage3",
        "sessionValues": [
          "mobile"
        ],
        "templateVariables": {
          "stage": "Third Stage"
        },
        "translation": [
          "reg.bodyComplete"
        ]
      }
    ]
  },
  "id": "registration"
}
Pipes
{
  "id": "pipe-stage1",
  "valves": [
    {
      "name": "SessionLoadValve",
      "config": {
        "id": "{{request.session_id}}"
      }
    },
    {
      "name": "LDAPSearchValve",
      "config": {
        "connection_ref": "e83d260d-c576-41af-80c2-8130c61a3d6a",
        "base_dn": "OU=Training,DC=company,DC=local",
        "scope": "SUB",
        "size_limit": "0",
        "filter_template": "mail={{request.mail}}",
        "attributes": "mail,givenName,sn,mobile"
      }
    },
    {
      "name": "FlowFailValve",
      "config": {
        "message": "Empty",
        "exec_if_expr": "flow.items().isEmpty()"
      }
    },
    {
      "name": "SessionPropertyAddValve",
      "config": {
        "name": "givenName",
        "value": "{{item.givenName}}"
      }
    },
    {
      "name": "SessionPropertyAddValve",
      "config": {
        "name": "sn",
        "value": "{{item.sn}}"
      }
    },
    {
      "name": "SessionPropertyAddValve",
      "config": {
        "name": "mobile",
        "value": "{{item.mobile}}"
      }
    },
    {
      "name": "SessionPropertyAddValve",
      "config": {
        "name": "mail",
        "value": "{{item.mail}}"
      }
    },
    {
      "name": "SessionPersistValve",
      "config": {}
    }
  ]
},{
  "id": "pipe-stage2",
  "valves": [
    {
      "name": "SessionLoadValve",
      "config": {
        "id": "{{request.session_id}}"
      }
    },
    {
      "name": "LDAPSearchValve",
      "config": {
        "connection_ref": "e83d260d-c576-41af-80c2-8130c61a3d6a",
        "base_dn": "OU=Training,DC=company,DC=local",
        "scope": "SUB",
        "size_limit": "0",
        "filter_template": "mail={{session.mail}}",
        "attributes": ""
      }
    },
    {
      "name": "PropertyAddValve",
      "config": {
        "name": "mobile",
        "value": "{{request.mobile}}"
      }
    },
    {
      "name": "SessionPropertyReplaceValve",
      "config": {
        "name": "mobile",
        "value": "{{request.mobile}}"
      }
    },
    {
      "name": "LDAPModifyValve",
      "config": {
        "connection_ref": "e83d260d-c576-41af-80c2-8130c61a3d6a",
        "modification_type": "REPLACE",
        "attributes": "mobile"
      }
    },
    {
      "name": "SessionPersistValve",
      "config": {}
    }
  ]
}, {
  "id": "pipe-stage3",
  "valves": [
    {
      "name": "DumpRequestValve",
      "config": {}
    }
  ]
}
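A review aid for the configuration above, added here and not part of the product: it checks that every stage carries the mandatory pipeid and template and that each pipeid resolves to a pipe, then lists where {{request.*}} values reach an LDAP valve. The sample data is a trimmed copy of the demo configuration, and treating a PropertyAddValve property named in LDAPModifyValve's attributes as written to the directory is an assumption read from the demo pipe.

```python
import re

# Added example (not product code). Sample data: trimmed copy of the demo config.
AUTH = {"stages": [{"pipeid": f"pipe-stage{n}", "template": f"template-stage{n}"}
                   for n in (1, 2, 3)]}
PIPES = [
    {"id": "pipe-stage1", "valves": [
        {"name": "LDAPSearchValve",
         "config": {"filter_template": "mail={{request.mail}}"}}]},
    {"id": "pipe-stage2", "valves": [
        {"name": "PropertyAddValve",
         "config": {"name": "mobile", "value": "{{request.mobile}}"}},
        {"name": "LDAPModifyValve",
         "config": {"modification_type": "REPLACE", "attributes": "mobile"}}]},
    {"id": "pipe-stage3", "valves": [{"name": "DumpRequestValve", "config": {}}]},
]
REQUEST_REF = re.compile(r"\{\{\s*(request\.[\w.]+)\s*\}\}")

def check_stages(auth, pipes):
    """Mandatory stage parameters present, and every pipeid resolves to a pipe."""
    known = {p["id"] for p in pipes}
    problems = []
    for i, stage in enumerate(auth["stages"], 1):
        for key in ("pipeid", "template"):
            if not stage.get(key):
                problems.append(f"stage {i}: missing {key}")
        if stage.get("pipeid") and stage["pipeid"] not in known:
            problems.append(f"stage {i}: unknown pipe {stage['pipeid']}")
    return problems

def request_values_reaching_ldap(pipes):
    """List (pipe, valve, placeholder) where posted data reaches an LDAP valve."""
    hits = []
    for pipe in pipes:
        # Assumption: LDAPModifyValve writes the properties named in "attributes".
        written = {a.strip() for v in pipe["valves"] if v["name"] == "LDAPModifyValve"
                   for a in v["config"].get("attributes", "").split(",")}
        for v in pipe["valves"]:
            cfg = v["config"]
            if v["name"].startswith("LDAP"):
                text = " ".join(str(x) for x in cfg.values())
            elif v["name"] == "PropertyAddValve" and cfg.get("name") in written:
                text = str(cfg.get("value", ""))
            else:
                continue
            hits += [(pipe["id"], v["name"], ref) for ref in REQUEST_REF.findall(text)]
    return hits
```

Each entry returned by request_values_reaching_ldap is a place to confirm how the posted value is validated before it is used in a search filter or written to the directory.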
Templates
Templates used in this example
Testing
1: Configure the example
2: Go to /test/authentication/demo