Ready-made login procedures

The package includes several ready-made procedures that can be changed if necessary:

• forced two-factor application authentication in application (Require2ndFactor);

• limiting the list of available first factor methods when logging into the application (FFmethods);

• granting access to the application only with a certain value of the attribute (AccessByAttribute);

• prohibit logging into the application after the account expires (AccountExpiresCheck);

• allow logging into the application only from certain networks (AllowedIPs);

• prohibit work in several simultaneous sessions (RestrictSessions);

• saving a list of user groups in statements (claims) (AddGroupsToToken);

• displaying an announcement to the user at login (InfoPipe);

• request for user to enter attribute or update a phone number and email (PipeAttrActAdd);

• request for the user to enter a security question unless it is asked in the account (PipeSecQuestion);

• registration of security key WebAuthn, Passkey, FIDO2 at login (PipeWebAuthn).

• display a list of value selections to the user at login (ChoicePipe).

Listings of these procedures are provided below. For ease of debugging, you can output information on the authentication state to the log using the logger.debug() function. For example, the following command will log the specified authentication level for a user:

logger.debug("requiredFactor="+ctx.userProps("requiredFactor"));