This section explains how identity propagation is configured in the Loginapp REST API (used by the Loginapp UI).
Instruction
- Go to:
Loginapp >> Applications and Authentication >> <a target application >> Authentication Flow - Add one or more identity propagator plugins to the list Identity Propagation. The identity propagators are processed in the defined order.
- Use property Username To Propagate Provider to define what piece of information to provide to the configured identity propagator(s) as username. Depending on the target application's needs this may also be a different user property or the value must be transformed in some way. Note that this property is not used for OAuth/OIDC target applications.
- Where possible, it is recommended to use the plugin Generic Identity Propagator.
Available Identity propagators
The Loginapp REST API supports the following identity propagator plugins (more may be added in newer versions - please check the available plugins in the Config Editor).
Identity propagator plugin | Purpose |
---|---|
Generic ID Propagator | This is the most flexible general-purpose identity propagator providing the largest number of identity attributes.
See The Generic ID Propagator plugin for details. |
Legacy ID Propagation Adapter | This adapter allows using a number of older identity propagator plugins.
Instead of using the plugins marked with *, use the Generic ID Propagator. The legacy adapter can also be used for older custom identity propagators implementing the marker interface |
OAuth 2.0/OIDC ID Propagator | This identity propagator is used to finish the OAuth/OIDC authorization code grant flow. It is only used if the authentication flow was started with an OAuth/OIDC authorization code grant. |
Target URI ID Propagator | Allows to transform the target URI (the URI of the application the user originally tried to access before having been redirected to the login application) and send it to the REST client in an HTTP header. This propagator is usually used in combination with other identity propagators (as it does not itself propagate the identity). |
Every identity propagator can be configured with a condition. Each identity propagator in the list is only used if the condition is met.
Further information and links
- Conceptual information: Identity propagation