Configuring authentication AuthStates and backends
The AuthStates and backends that perform the actual authentication are deployed inside the "AuthEngine". Depending on the implementation, this is either a single authentication state handler (AuthState) or a set of them.
The general configuration pattern looks as follows:
<AuthEngine name="TheAuthEngine">
    <Domain name="SSO1">
        <Entry method="authenticate" state="LoginUidPw"/>
        <Entry method="unlock" state="LoginUidPw"/>
        <Entry method="stepup" state="LoginOneTimePw"/>
    </Domain>
    <Domain name="SSO2">
        <Entry method="authenticate" state="LoginUidPw"/>
    </Domain>
    <AuthState name="LoginUidPw" ...>
        ....
    </AuthState>
    <AuthState name="LoginChangePw" ...>
        ....
    </AuthState>
    <AuthState name="LoginOneTimePw" ...>
        ....
    </AuthState>
    <AuthState name="AuthDone" ...>
        ....
    </AuthState>
</AuthEngine>
The AuthEngine defines an arbitrary number of resource- or domain-specific authentication infrastructures.
The specific configuration depends on the implementation of the AuthStates and has to be provided by the project that delivers the authentication code.
nevisAuth itself contains a set of authentication states that are explained in detail in the chapter Authentication Plug-Ins and AuthStates.
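The configuration pattern above ties each Domain Entry to an AuthState by name, so a mistyped state name or a broken attribute quote is easy to miss in review. The following lint is an added example, not part of nevisAuth or of the original page. It uses only the element and attribute names shown above, and it assumes that AuthState names must be unique and that every Entry must name a defined AuthState.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the pattern above; AuthState attributes and bodies are omitted.
SAMPLE = """
<AuthEngine name="TheAuthEngine">
  <Domain name="SSO1">
    <Entry method="authenticate" state="LoginUidPw"/>
    <Entry method="unlock" state="LoginUnlock"/>
    <Entry method="stepup" state="LoginOneTimePw"/>
  </Domain>
  <Domain name="SSO2">
    <Entry method="authenticate" state="LoginUidPw"/>
  </Domain>
  <AuthState name="LoginUidPw"/>
  <AuthState name="LoginOneTimePw"/>
  <AuthState name="LoginOneTimePw"/>
  <AuthState name="AuthDone"/>
</AuthEngine>
"""

def lint_auth_engine(xml_text):
    """Return a list of findings for one AuthEngine element (empty if clean)."""
    try:
        engine = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        # For example an unterminated attribute quote on an Entry element.
        return [f"malformed XML: {exc}"]
    findings = []
    names = [s.get("name") for s in engine.findall("AuthState")]
    # Assumption: an Entry refers to a state by name, so names must be unique.
    for dup in sorted({n for n in names if n and names.count(n) > 1}):
        findings.append(f"AuthState '{dup}' is defined more than once")
    defined = set(names)
    for domain in engine.findall("Domain"):
        for entry in domain.findall("Entry"):
            method, state = entry.get("method"), entry.get("state")
            where = f"Domain '{domain.get('name')}' method '{method}'"
            if method is None or state is None:
                findings.append(f"Domain '{domain.get('name')}': Entry lacks method or state")
            elif state not in defined:
                # Dangling reference: the entry point names no deployed AuthState.
                findings.append(f"{where}: state '{state}' is not defined")
    return findings

if __name__ == "__main__":
    for finding in lint_auth_engine(SAMPLE):
        print(finding)
```

AuthStates that no Entry references are not reported, because states such as LoginChangePw and AuthDone in the pattern above are not entry points.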