Limiting the list of available first factor methods
The FFmethods procedure offers the user only certain identification and authentication methods when entering the application (a similar procedure with a different list of methods can be assigned to another application). The procedure uses the following identifiers to designate the first factor authentication methods:
- password: login using login and password;
- x509: login via electronic signature;
- externalIdps: login via external identity providers (social networks etc.);
- spnego: login via operating system session;
- sms: login via confirmation code from SMS;
- knownDevice: login via known device;
- qrCode: login via QR code;
- webAuthn: login with security keys (WebAuthn, Passkey, FIDO2);
- tls: login based on the transmitted HTTP header.
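public class FFmethods implements Strategy {

    private final Logger logger = LoggerFactory.getLogger("com.identityblitz.idp.flow.dynamic");

    // Called when the user enters the application.
    @Override public StrategyBeginState begin(final Context ctx) {
        // A subjectId claim is already present: no further authentication is requested.
        if (ctx.claims("subjectId") != null)
            return StrategyState.ENOUGH();
        else
            // Offer only these first factor methods for this application.
            return StrategyState.MORE(new String[]{"password", "x509"});
    }

    // Called after a factor has been completed.
    @Override public StrategyState next(final Context ctx) {
        Integer reqFactor = (ctx.user() == null) ? null : ctx.user().requiredFactor();
        // No required factor is set for the user: the completed factor is enough.
        if (reqFactor == null || reqFactor == 0)
            return StrategyState.ENOUGH();
        else {
            // The factor just completed is the one required for this user.
            if (reqFactor == ctx.justCompletedFactor())
                return StrategyState.ENOUGH();
            else
                // Request a further factor without naming specific methods.
                return StrategyState.MORE(new String[]{});
        }
    }
}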
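The method list passed to StrategyState.MORE is made of string literals, so a misspelled identifier is easy to miss in review. The following added example (not part of the original page or of the Blitz API) checks a list against the nine identifiers documented above before it is put into a procedure. The class name FirstFactorAllowList and its methods are hypothetical, and it assumes the identifiers are case-sensitive exactly as listed; what the product does with an unknown identifier is not stated on this page.

```java
import java.util.ArrayList;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Locale;
import java.util.Set;

// Added example: FirstFactorAllowList is a hypothetical helper, not a Blitz class.
public final class FirstFactorAllowList {
    // The nine first factor identifiers listed in this section (assumed case-sensitive).
    private static final Set<String> KNOWN = Set.of("password", "x509", "externalIdps",
            "spnego", "sms", "knownDevice", "qrCode", "webAuthn", "tls");

    /** Returns the problems found in a method list; an empty result means the list is clean. */
    public static List<String> check(String... methods) {
        List<String> problems = new ArrayList<>();
        if (methods == null || methods.length == 0) {
            problems.add("list is empty: it names no method");
            return problems;
        }
        Set<String> seen = new LinkedHashSet<>();
        for (String m : methods) {
            if (m == null || m.isBlank()) {
                problems.add("blank identifier");
            } else if (!seen.add(m)) {
                problems.add("duplicate identifier: " + m);
            } else if (!KNOWN.contains(m)) {
                problems.add("unknown identifier: " + m + suggestion(m));
            }
        }
        return problems;
    }

    // Points at the documented spelling when only case or surrounding spaces differ.
    private static String suggestion(String m) {
        String folded = m.trim().toLowerCase(Locale.ROOT);
        for (String k : KNOWN) {
            if (k.toLowerCase(Locale.ROOT).equals(folded)) {
                return " (did you mean \"" + k + "\"?)";
            }
        }
        return "";
    }

    public static void main(String[] args) {
        // Constructed sample lists: the one used in FFmethods, then one with typical slips.
        System.out.println(check("password", "x509"));
        System.out.println(check("Password", "webauthn", "sms", "sms", "otp"));
    }
}
```

Running the check in a build step or unit test keeps a typo such as "webauthn" from reaching the deployed procedure.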