Version: 7.2402.x.x RR

IdmGetUserByCredentialState

This AuthState is an authenticating AuthState.

This plug-in maps an external token/ID to a nevisIDM user. The state assumes that only a single user has the token. If more than one user is found, an exception occurs.

If we want to look up the user by SAML federation credential, all SAML federation-specific attributes are mandatory. In this case, do not set the credential value.

Topic: Description
Class: ch.nevis.idm.authstate.IdmGetUserByCredentialState
Logging: IdmAuth
Auditing: None
Marker: NevisIDM:extern
Properties:
  credential.type (string, -) Define credential type (EL supported).
  credential.value (string, "${inargs:credentialValue}") Define credential value.
  credential.saml.issuerNameId (string, -) Define SAML federation issuer name ID.
  credential.saml.subjectNameId (string, -) Define SAML federation subject name ID.
  credential.saml.issuerNameIdFormat (string, -) Define URI of the SAML federation issuer name ID format.
  credential.saml.subjectNameIdFormat (string, -) Define URI of the SAML federation subject name ID format.
  client.name (defined in the chapter "Default input properties")
  updateLoginInformation (boolean, false) Setting this parameter to true causes a success update (increments login success count, sets the last login date to current date) on the found credential.
Methods: process (all events)
Input: None
Transitions:
  ok: one existing user is found successfully.
  failed: Mapping the credential type and value to the user failed, or the found user is not active. This is also the case if the credential is not active.
  clientNotFound: User uses an unsupported client ID or the "default" client ID (see input above) is not available.
Output: None
Errors:
  1: Login failed. GUI descriptor: AuthErrorDialog is generated.
Notes: None

Example

<AuthState name="IdmGetUserByCredentialState" final="false"
           class="ch.nevis.idm.authstate.IdmGetUserByCredentialState">
  <ResultCond name="ok" next="AuthDone"/>
  <Response value="AUTH_ERROR">
    <Gui name="AuthErrorDialog"/>
  </Response>
  <propertyRef name="IdmCertificateLogin"/>
  <property name="credential.type" value="KERBEROS" />
  <property name="credential.value" value="KRB_ID" />
  <property name="updateLoginInformation" value="true" />
</AuthState>
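A configuration check for the rules stated above, as an added example (not Nevis code): it flags a SAML federation lookup that omits any of the four credential.saml.* properties or still sets credential.value, and lists the documented transitions that have no explicit ResultCond. The function name `lint_auth_state`, the `BAD_SAML` sample and its `AuthError` target state are constructed for illustration, and only inline `<property>` elements are inspected, so values supplied through a `propertyRef` are not seen.

```python
import xml.etree.ElementTree as ET

STATE_CLASS = "ch.nevis.idm.authstate.IdmGetUserByCredentialState"
SAML_PROPS = {f"credential.saml.{n}" for n in (
    "issuerNameId", "subjectNameId", "issuerNameIdFormat", "subjectNameIdFormat")}
TRANSITIONS = ("ok", "failed", "clientNotFound")  # as documented on this page

def lint_auth_state(xml_text):
    """Return findings for one AuthState element; only inline properties are seen."""
    state = ET.fromstring(xml_text.strip())
    if state.get("class") != STATE_CLASS:
        return ["not an IdmGetUserByCredentialState"]
    props = {p.get("name") for p in state.findall("property")}
    findings = []
    if SAML_PROPS & props:  # any SAML property present means a SAML federation lookup
        for name in sorted(SAML_PROPS - props):
            findings.append(f"missing mandatory SAML property {name}")
        if "credential.value" in props:
            findings.append("credential.value must not be set for SAML lookup")
    mapped = {c.get("name") for c in state.findall("ResultCond")}
    findings += [f"no ResultCond for transition {t}" for t in TRANSITIONS if t not in mapped]
    return findings

# The page's Kerberos example, unchanged apart from whitespace.
PAGE_EXAMPLE = """
<AuthState name="IdmGetUserByCredentialState" final="false"
    class="ch.nevis.idm.authstate.IdmGetUserByCredentialState">
  <ResultCond name="ok" next="AuthDone"/>
  <Response value="AUTH_ERROR"><Gui name="AuthErrorDialog"/></Response>
  <propertyRef name="IdmCertificateLogin"/>
  <property name="credential.type" value="KERBEROS"/>
  <property name="credential.value" value="KRB_ID"/>
  <property name="updateLoginInformation" value="true"/>
</AuthState>"""

# Constructed sample: incomplete SAML lookup; names and values are placeholders.
BAD_SAML = """
<AuthState name="SamlLookup" final="false"
    class="ch.nevis.idm.authstate.IdmGetUserByCredentialState">
  <ResultCond name="ok" next="AuthDone"/>
  <ResultCond name="failed" next="AuthError"/>
  <ResultCond name="clientNotFound" next="AuthError"/>
  <property name="credential.value" value="${inargs:credentialValue}"/>
  <property name="credential.saml.issuerNameId" value="https://idp.example.test"/>
  <property name="credential.saml.subjectNameId" value="alice@example.test"/>
</AuthState>"""

if __name__ == "__main__":
    print(lint_auth_state(PAGE_EXAMPLE), lint_auth_state(BAD_SAML), sep="\n")
```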