Internal authenticators aim to identify users trying to access http based resources located on the local PAS server itself. The config UI, for instance, is by default protected by an internal authenticator.  

A successful authentication typically will create an authenticated http session. 

Flow described in image below.

Shared properties

All the internal authenticators share some properties. These properties are covered here. 

Note that some may not be applicable due to context specifics. For instance, template properties will have no effect on authenticators not using templates.

Name Description Default value Mandatory
includeQueryString On a successful authentication, should the data from the original query be added when redirecting the client false No
sessionValues When rendering template, the template can pull data from from the session. For more int see: Use of sessionValues parameter on HTTP authenticator No
allowLanguageChange Should the user be able to change the language in the UI true No
icon The default 'icon' in the template. Not to be confused with favicon res/images/backgrounds/transparent.png No
translation A JSON Array of custom translation keys No
templateVariables Custom data used for either changing default behaviour or adding new values to the template No

Detailed properties description

includeQueryString - 

All internal authenticators ultimately ends with a redirect to a preconfigured location. By setting:


Any query data present at first entry will be added to the redirect.

sessionValues -

When wanting to use session data when rendering templates this can be achieved by setting:

"sessionValues": ["mobile","mail"]

In this case template will try to find mobile and mail in session and try to inject their value into the template.

Note that only single values are supported. Null or empty is rendered as empty.

allowLanguageChange -

In templates allowing for users to change the language disable language meny by setting:



Almost all templates have an icon element defined. By changing this the icon can be customized. Note that the path is relative from <INSTALLATION_ROOT>/mods/com.phenixidentity~auth-http~x.x.x/web/

translation -

Used for adding additional translation. Two possible types of configuration:


This will inject the value found in the key "custom.key.valy" in the current locale.

Second possibility:



                "key": "title","mapKeyTo": "ppsspassms.messages.title"



 This will try to find the element "title" and inject the value stored in "ppsspassms.messages.title" for the current locale.

Both configuration options can be used.

templateVariables -

Use for context specific configuration. This is often proprietary bound to the template used.