Limiting the list of available first factor methods#

The FFmethods procedure allows to offer only certain identification and authentication methods to the user when entering the application (a similar procedure with a different list of methods can be assigned to another application). The procedure uses the following identifiers to designate the first factor authentication methods:

  • password - login using login and password;

  • x509 - login via electronic signature;

  • externalIdps - login via external identity providers (social networks etc.);

  • spnego - login via operating system session;

  • sms - login via confirmation code from SMS;

  • knownDevice - login via known device.

  • qrCode - login via QR code;

  • webAuthn - login with security keys (WebAuthn, Passkey, FIDO2);

  • tls – login based on the transmitted HTTP header.

public class FFmethods implements Strategy {

    private final Logger logger = LoggerFactory.getLogger("com.identityblitz.idp.flow.dynamic");

    @Override public StrategyBeginState begin(final Context ctx) {
        if("subjectId") != null)
            return StrategyState.ENOUGH();
            return StrategyState.MORE(new String[]{"password","x509"});

    @Override public StrategyState next(final Context ctx) {
        Integer reqFactor = (ctx.user() == null) ? null : ctx.user().requiredFactor();
        if(reqFactor == null || reqFactor == 0)
            return StrategyState.ENOUGH();
        else {
            if(reqFactor == ctx.justCompletedFactor())
                return StrategyState.ENOUGH();
                return StrategyState.MORE(new String[]{});