Event subscribers

Event bus instantiation

Airlock IAM emulates a centralized event bus for the Loginapp and the Adminapp by instantiating one event bus for every incoming request and registering the configured event subscribers.

Every event subscriber must be configured with the event type it processes. For example, the event type Logged in from New Device will only be handled by the event subscriber that is configured for this event type.

Airlock IAM currently supports the following types of event subscribers:

| Event subscriber | Loginapp | Adminapp |
|---|---|---|
| Email Event Subscriber | ✓ | ✓ |
| Remote Event Subscriber | ✓ | ✓ |
| SMS Event Subscriber | ✓ | ✓ |

Currently, event subscribers can only be configured in the Loginapp and Adminapp modules. Loginapp and Adminapp each handle event requests in their own, separate process.

Because each module runs as its own process, it can be necessary to configure the same subscriber twice, once for Loginapp and once for Adminapp, to ensure that the event will be processed in all cases. For this reason, event subscribers can be configured under Event Settings, which is at the top level in both modules.

Email Event Subscriber

The Email Event Subscriber plugin sends email messages with event details. The plugin's configuration defines the recipient, who may, for example, be the end-user or an administrator.

Event attributes (see Event attributes) can be referenced to include event data in both the email subject and body. For further information, refer to the plugin documentation in the Config Editor.

Remote Event Subscriber

The Remote Event Subscriber plugin connects to a remote HTTP endpoint using the configured HTTP Method and Content Type. It can, for example, be used to send event data to a remote REST API.

Event attributes (see Event attributes) can be referenced to include event data in both the request URL and the request body. For further information, refer to the plugin documentation in the Config Editor.

SMS Event Subscriber

An SMS Event Subscriber can be configured to deliver event-triggered SMS notifications to multiple phone numbers simultaneously. Depending on the Phone Number Providers configured, SMS notifications will be sent to the phone number stored in the credential data model and/or to all phone numbers stored in the token data model. It is not possible to configure a preferred communication mobile phone number.

In case of an MTAN Token Phone Number Changed event, it is also possible to send the message to the old (replaced) phone number.

Example:

SMS Event Subscriber configuration with multiple phone number providers

Event attributes (see Event attributes) can be referenced to include event data in text messages. Refer to the plugin documentation in the Config Editor for further information.

| Phone number provider plugins | mTAN handler | Description |
|---|---|---|
| All Phone Numbers Provider | Token Data mTAN Handler | This handler can hold multiple phone numbers. It is the preferred configuration choice over the credential data handler. |
| All Phone Numbers Provider | Credential Data mTAN Handler | This handler can only hold a single phone number. We recommend using the Token Data mTAN Handler instead. |
| Old Phone Number Provider | | Provides the user's old phone number in case of a phone number change or deletion. |

Filtered Flow Event

For most use cases, directly configuring the event type this subscriber needs to process is sufficient. A Filtered Flow Event can be used if more fine-grained control is required.

The Filtered Flow Event plugin allows additional selection criteria to be added.

The plugin contains the following (filter) properties:

  • Event is a mandatory field to set the event type.
  • Step ID Pattern is a pattern to filter for step ID.
  • Flow ID Pattern is a pattern to filter for flow ID/application ID.
  • Required Flow Type offers several options to filter for the type of flow that generated the event.

All criteria must match (logical AND) if multiple selection criteria are set.

Example:
MTAN Token Registered events can be issued in different flows (self-registration, protected self-service). An email message is sent to notify the user about this event and to use a different communication channel. The content of the email depends on the flow that created the event. Specifying Flow ID Pattern conditions in the Email Event Subscriber will achieve the desired result.

User Locked event

The User Locked event warrants special treatment by the event subscribers. It is often desirable to send different message contents determined by the cause of the User Locked event.

The User Locked plugin provides an additional Lock Reason filter to support this behavior. If configured, the event subscriber only handles those User Locked events that match the Lock Reason pattern.
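
The selection rules of the Filtered Flow Event and of the Lock Reason filter can be modelled to check which subscriber handles a given event, and which events no subscriber handles. This is an added example, not Airlock IAM code or configuration. It assumes that patterns are regular expressions matched against the whole value; all field names, subscriber names, flow IDs, step IDs, flow types and lock reasons are constructed.

```python
import re
from dataclasses import dataclass
from typing import Optional

@dataclass
class Event:                      # hypothetical event model
    event_type: str
    flow_id: str = ""
    step_id: str = ""
    flow_type: str = ""
    lock_reason: str = ""

@dataclass
class Subscription:               # hypothetical model of one subscriber's filter
    name: str
    event: str                    # mandatory event type
    step_id_pattern: Optional[str] = None
    flow_id_pattern: Optional[str] = None
    required_flow_type: Optional[str] = None
    lock_reason_pattern: Optional[str] = None

    def matches(self, ev: Event) -> bool:
        # Unset criteria are ignored; every criterion that is set must match (logical AND).
        def pat(pattern, value):  # assumption: regex, whole-value match
            return pattern is None or re.fullmatch(pattern, value) is not None
        return (ev.event_type == self.event
                and pat(self.step_id_pattern, ev.step_id)
                and pat(self.flow_id_pattern, ev.flow_id)
                and self.required_flow_type in (None, ev.flow_type)
                and pat(self.lock_reason_pattern, ev.lock_reason))

def handlers(subs, ev):
    """Names of all subscribers that would process this event."""
    return [s.name for s in subs if s.matches(ev)]

def unhandled(subs, events):
    """Events that no subscriber processes, i.e. notifications that are never sent."""
    return [e for e in events if not handlers(subs, e)]

SUBS = [  # constructed configuration
    Subscription("mail-selfreg", "MTAN Token Registered", flow_id_pattern=r"self-registration.*"),
    Subscription("mail-selfservice", "MTAN Token Registered", flow_id_pattern=r"protected-self-service.*"),
    Subscription("sms-failed-logins", "User Locked", lock_reason_pattern=r".*FailedLogins.*"),
]
EVENTS = [  # constructed events
    Event("MTAN Token Registered", flow_id="self-registration-default", step_id="mtan-reg"),
    Event("MTAN Token Registered", flow_id="protected-self-service-mtan"),
    Event("MTAN Token Registered", flow_id="migration-flow"),
    Event("User Locked", lock_reason="LockedByAdmin"),
]
```

Running `unhandled(SUBS, EVENTS)` over a list of expected events shows where a pattern that is too narrow would leave a security-relevant event without any notification.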