Versions Compared

Old Version 1

changes.mady.by.user Former user

Saved on

compared with

New Version Current

changes.mady.by.user Former user

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Look through the following for more details on the various authentication types.

Authentication TypeDetails
DefaultThis is the default authentication provided by the service provider.
Local Authentication

This is the authentication enabled in the Identity Server. There are three types of local authenticators.

  • The basic authenticator is used to authenticate the user using the credentials available in the Identity Server.
  • IWA stands for Integrated Windows Authentication and involves automatically authenticating users using their Windows credentials.
  • FIDO authenticator is a local authenticator that comes with the WSO2 Identity Server. This will handle FIDO authentication requests related key validation against stored keys, the public key, keyhandler, and the counter, attestation certificate of FIDO registered users.
Federated AuthenticationThe Federated Authenticators are not within the Identity Server like local authenticators. These are external. Federated authentication is based on the identity provider that you added to the WSO2 Identity Server. In this case, the user is authenticated by checking the user credentials specified in the identity provider.
Advanced ConfigurationAdvanced configurations enable you to add multiple options or steps in authentication. When multiple authentication steps exists, the user is authenticated based on each and every one of these steps. If only one step is added then the user is only authenticated based on the local and/or federated authenticators added in a single step. However, in the case of local and/or federated authenticators, the authentication happens based on any one of the available authenticators.

Request path authenticators

...

Panel
titleRelated Topics
  • For information on a local authenticator that is executed if the initial authentication request brings

...

  • a set of credentials with it

...

The request path authenticators always require the user credentials to be present in the initial authentication request itself. This does not need any end-user interactions with the Identity Server.

Once the request path authentication is successfully completed, the request path authenticator will notify the authentication framework. The framework will now decide no more authentication is needed and hand over the control to the corresponding response builder of the inbound authenticator.

Do the following to configure this.

  1. Expand the Local & Outbound Authentication Configuration section.
  2. Expand the Request Path Authentication Configuration section.
  3. Select the request path authenticator from the dropdown and click the Add button.
Related Topics
Panel
title