Introduction
Upon each authentication request, the CoreOne Suite executes various authentication steps dependent on the configuration, user data and user behavior. The subsequent list provides an overview of the possible steps.
These steps are executed in the order as shown below.
Subprocess | Description |
|---|---|
Validate client | Validates if the requesting client is authorized to do so. |
Block request | Checks if the current IP has to many invalid logon attempts. |
Resolve user | Checks if the user has already been resolve. This is the case if there is a |
Check application access | Validates if the resolved user is allowed to access the requested application. |
Show register page | Redirects the user to the register page if the parameter Supported prompt values include: If unsupported prompts are requested, they are ignored. If the |
Show login page | Presents the user with the appropriate authentication page. Note that this process contains a lot of sub-steps by itself, such as account merging with federated identities or password policy checks. |
User data missing / Attribute elevation | If additional information is required from the user to access an application, which is not yet available in the local meta directory, this information is retrieved. |
Check browser fingerprint | Generates a unique fingerprint of the browser. |
Check verification status | Checks if the user has pending verification steps, such as email verification. |
Terms and conditions | Checks if the user needs to accept the terms and conditions for the requested application. |
Unfinished certifications | Checks if the user has open certification processes. |
User up to date | Validates if the user needs to update any data such as passwords or email addresses. |
Inactive delegations | Checks if the user has inactive delegations for the requested application. |
Consent | Checks if the user has to give consent for the current application. |