Configuring an external authentication method

Blitz Identity Provider allows developers to add support for their own authentication method at deployment. To do this, you need to develop an application that implements the authentication logic and connect this application to Blitz Identity Provider. In Blitz Identity Provider, the authentication method “External authentication method” is configured for this purpose. You can implement an external authentication method to work as both a first and a second authentication factor.

To configure the use of Blitz Identity Provider with an external authentication method:

  1. Configure a new “external” first or second factor authentication method by clicking the “Add an external authentication method” link. Specify the parameters of this authentication method:

    • method identifier - a card with the name of the method will be displayed among the authentication methods, and the method can be referenced by this identifier from the Authentication flows;

    • URL of the external service;

    • assertion names - a list of assertions that an external method can set for the user;

    • passed cookies - a list of names of cookies that will be passed when the external method is called;

    • sent headers - a list of headers that will be passed when the external method is called;

    • Applicability Determination Service URL - the address of an optional service for the method. If specified, this URL will be called before the main service is called to determine the applicability of this authentication method. If the URL is not specified, the method is assumed to be always applicable;

    • cookie security - the name of the cookie in which the session ID from the external method will be passed;

    • passed assertions - a list of assertions to be passed to the external method (if the parameter is not specified, all assertions available in the login session will be passed to the external method);

    • additional parameters - specified in JSON format. The specified parameters will be passed to the external method. This is useful for configuring the settings of the external authentication method through the Blitz Identity Provider admin console;

    • after saving enable method - a checkbox indicating that the authentication method should be enabled immediately after the settings are saved.

  2. On the external method side, implement the processing of authentication requests and applicability checks according to the “Integration Guide” document.