AuthnApplication
The Authentication Application endpoint configuration allows you to configure and deploy an Authentication Application. An Authentication Application is a type of authentication method that allows you to externalize authentication to a newly defined application.
Context path
The context path of the web application. If not specified, the context path is set to the default 'unknown' value.
Do exclude from authorization
Whether or not the web application shall be excluded from the authorization process defined by the DirX Access PEP.
Port assignment identifiers
Identifiers of the port assignments for the web application. Port assignments specify the HTTP(S) ports on which the web application will listen.
Primary port assignment identifier
Identifier of the primary port assignment for the given web application. It can be used to calculate the FEP location if the location is not specified.
CORS parameters
Additional CORS parameters to those already generated from the existing endpoint configuration. CORS parameters are used to filter CORS requests.
Allowed origins
Origins allowed in the Origin header when filtering CORS requests. This
parameter has to be combined with 'allowedMethods' and 'allowedHeaders'.
According to the CORS specification, the Origin header can contain the
string null. It is possible to include this string in this
configuration property with the following meaning:
- without null included: Origin header null leads to response FORBIDDEN,
- with null included: Origin header null leads to the request being further processed,
- * also enables the null string.
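The three cases above can be modelled as a small decision function plus a check that flags configurations accepting the null origin. This is an added example, not DirX Access code; the function names, the sample origins, and the exact-match handling of origins other than null are assumptions.

```python
"""Model of the allowed-origins semantics described above (illustrative only)."""

FORBIDDEN = "FORBIDDEN"
PROCESS = "PROCESS"


def null_origin_accepted(allowed_origins):
    """True if a request carrying 'Origin: null' would be processed further."""
    allowed = set(allowed_origins)
    # Documented behaviour: an explicit 'null' entry or '*' enables the null string.
    return "null" in allowed or "*" in allowed


def decide(origin_header, allowed_origins):
    """Return the filter outcome for one Origin header value."""
    allowed = set(allowed_origins)
    if origin_header == "null":
        return PROCESS if null_origin_accepted(allowed) else FORBIDDEN
    # Assumption: other origins are compared by exact string match (no prefix
    # or suffix matching), '*' accepts any origin, everything else is refused.
    if "*" in allowed or origin_header in allowed:
        return PROCESS
    return FORBIDDEN


def audit(allowed_origins):
    """List the reasons a configuration lets 'Origin: null' through."""
    findings = []
    if "*" in allowed_origins:
        findings.append("'*' configured: every origin, including null, is processed")
    if "null" in allowed_origins:
        findings.append("'null' configured: Origin header null is processed")
    return findings


# Constructed sample configurations (hypothetical origins).
CONFIGS = {
    "strict": ["https://portal.example.com"],
    "with_null": ["https://portal.example.com", "null"],
    "wildcard": ["*"],
}

if __name__ == "__main__":
    for name, allowed in CONFIGS.items():
        print(f"{name}: Origin null -> {decide('null', allowed)}; {audit(allowed)}")
```

Running `audit` over an exported allowed-origins list is a quick way to confirm that the null origin is only accepted where that is intended.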
Default destination URL
Relative or absolute default destination to be used by the Authentication Application after a successful login where no target is explicitly specified by the client.
Explicit redirect URL field name
The name of the HTTP request parameter from which the Authentication Application gets the explicitly defined redirect URL. After successful authentication the user will be redirected to this URL. Can be used by web applications.
Internal IP address ranges
A comma-separated list of IP address ranges that indicate requests from internal clients.
Authentication method finding strategy
The algorithm that the Authentication Application is to use to determine the authentication method. Currently, two strategies are supported:
- DxaAuthnMethodKeyword strategy determines the authentication method based on a dedicated HTTP parameter DXA-authn-method passed to the Authentication Application.
- AuthnMethodMapping strategy determines the authentication method based on an external authentication method mapping key. For DirX Access FEPs, the key is taken from the requested authentication context that is parsed from the SAML authentication request within FEPs. The key is mapped to a DirX Access authentication method based on configured authentication method mapping.
Allowed Values:
- DxaAuthnMethodKeyword
- AuthnMethodMapping
Authentication method mapping
The key-value mapping to be used when the 'AuthnMethodMapping'
authentication method-finding strategy is selected. To add a new
mapping, enter an appropriate saml:SamlAuthnContextClassRef
identifier (for example,
urn:oasis:names:tc:SAML:2.0:ac:classes:Password) into Key and select the
corresponding authentication method in Value.
Associated Web PEP
The identifier of the Web PEP configuration object with the settings (for example, cookie name) to be used when authenticating a subject.
Default authentication method for internal clients
The authentication method to be used by default (that is, if the authentication method-finding strategy does not determine otherwise) for clients coming from internal IP addresses.