Pass-through authenticator definitions define the information sent to an external service through an HTTP connector. The external service uses the information configured in the pass-through connector to allow a user to use a pass-through authenticator for second-factor authentication. If the user provides the correct information as configured in the HTTP connector, the connector returns a response code to allow the user to access the protected external service.
Pass-through authenticator definition configuration supports placeholders. A placeholder is a symbol that marks the position and name of dynamic data in a connector configuration when you do not have the values while composing the API call. The values are populated when the call is made to the connector.
Placeholders are supported for the following:
● URL path (not in hostname/domain section)
● Authorization header (not name)
● Request Body
The following describes placeholder restrictions:
● Placeholders are marked by {{}}
● A placeholder must start with one of these prefixes:
– REQ.—The placeholder's value comes from the Request body.
– USER.—The value from a user's attributes.
– ENV.—The environment data. Only clientIp is supported.
– AUTH—The authentication information gathered from the Authentication Method used in the external service configuration.
● Placeholders prefixed by REQ., USER., or ENV. include dynamic data that interacts with the user's inputs. The name after the prefix must match. In contrast, AUTH is a special type of placeholder.
● Domain and subdomain in the URL are static—no placeholders are allowed.
● Placeholders cannot use delimiter symbols. The placeholders and resultItems used in the same HTTP Connector must be unique.
● Once configured, a placeholder must get its value from one of the following:
– AUTH—HTTP Connector configuration
– REQ.
– ENV.
– The UI input.
– USER.—User attribute configuration
● All the values are mandatory. If any placeholder cannot find its matching values, the connector call will fail.
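The placeholder rules above can be checked before a connector definition is saved. The following is an added example, not code from the product: the function names, the flat value map and the sample definitions are constructed, and it assumes AUTH is written bare as {{AUTH}}.

```python
import re
from urllib.parse import urlsplit

PLACEHOLDER = re.compile(r"\{\{(.*?)\}\}")  # placeholders are marked by {{}}

def check_name(name):
    """Return an error string for a bad placeholder name, else None."""
    if name == "AUTH":  # assumption: AUTH carries no dot or key
        return None
    prefix, dot, key = name.partition(".")
    if not dot or prefix not in ("REQ", "USER", "ENV") or not key:
        return "{{%s}}: must start with REQ., USER., ENV. or be AUTH" % name
    if prefix == "ENV" and key != "clientIp":
        return "{{%s}}: only ENV.clientIp is supported" % name
    return None

def lint_connector(url, auth_header_value, body):
    """Collect every rule violation in one connector definition."""
    problems = []
    if PLACEHOLDER.search(urlsplit(url).netloc):
        problems.append("URL domain/subdomain is static: no placeholders allowed")
    for field in (url, auth_header_value, body):
        for name in PLACEHOLDER.findall(field):
            err = check_name(name)
            if err:
                problems.append(err)
    return problems

def resolve(template, values):
    """Fill placeholders; a missing value fails the call, since all are mandatory."""
    def fill(match):
        name = match.group(1)
        if name not in values:
            raise LookupError("no value for {{%s}}" % name)
        return str(values[name])
    return PLACEHOLDER.sub(fill, template)

# Constructed sample definitions (hostnames and field names are illustrative).
GOOD = dict(url="https://mfa.example.com/v1/users/{{USER.userId}}/verify",
            auth_header_value="Bearer {{AUTH}}",
            body='{"otp": "{{REQ.otp}}", "ip": "{{ENV.clientIp}}"}')
BAD = dict(url="https://{{REQ.tenant}}.example.com/v1/verify",
           auth_header_value="Bearer {{AUTH}}",
           body='{"otp": "{{otp}}", "agent": "{{ENV.userAgent}}"}')

if __name__ == "__main__":
    for label, definition in (("GOOD", GOOD), ("BAD", BAD)):
        print(label, lint_connector(**definition))
```
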
Create a pass-through authenticator definition
1. Click > Configuration > Pass-through Authenticator Definitions. The Pass-through Authenticator Definitions page appears.
2. Click . The Add Pass-through Authenticator Definition page appears.
3. Enter a Name for the pass-through authenticator definition.
4. Optional. Complete the Challenge Connector Details to create the HTTP Connector used to retrieve a challenge for authentication.
a. Click Add next to Challenge HTTP Connector. The Add HTTP Connector page appears.
b. Enter a Name for the request.
c. From the Method drop-down list, select the HTTP request method used to make the request to the external service.
d. In the URL field, enter the URL of the login endpoint of the external service. If applicable, add required parameters to the URL that are used to make the request to the external service.
Note: The Domain part of the URL must be an external host name or an IP address. Internal hostnames are not allowed.
e. From the Authorization Type drop-down list, select the authentication method passed to the external resource to obtain the authentication token. Depending on the selection you make, you are prompted for additional information, as follows:
– Basic. Enter the User Name and Password for the external service.
– BEARER_TOKEN. Enter the token value used by the external service.
– API_Key. Select the API Key Type and enter the API Key Value.
f. If required, click Add to add authorization Headers to the HTTP request, and then enter the Header Name and Header Value. You can add as many headers as required to make the request.
g. If required, in the Results Items section, set the values used to return the risk assessment, as follows:
i) Enter the Key that is used to assess the risk.
ii) Select the Value Type, which can be either a String or a Numeric value, and enter the JsonPath for the results item.
Note: For more information on Query expressions for JSON, see RFC 9535, JSONPath: Query Expressions for JSON.
iii) Click Add to define additional Keys used to return the results of the risk assessment.
h. Optional. In the Request Body, add additional content, as required.
5. Click Add to save the HTTP Connector and return to the Pass-through Authenticator Definition.
6. Select the Success Criteria that is used to determine whether the request was successful:
● 2xx Response Code—The request was successful and the expected response was returned to the external service.
● Response Body—Includes the data requested by IDaaS in the GET request.
7. Complete the Authenticate Connector Details to create the HTTP Connector used to authenticate a user from an Authentication API application.
a. Click Add next to Authenticate HTTP Connector. The Add HTTP Connector page appears.
b. Enter a Name for the request.
c. From the Method drop-down list, select the HTTP request method used to make the request to the external service.
d. In the URL field, enter the URL of the login endpoint of the external service. If applicable, add required parameters to the URL that are used to make the request to the external service.
Note: The Domain part of the URL must be an external host name or an IP address. Internal hostnames are not allowed.
e. From the Authorization Type drop-down list, select the authentication method passed to the external service to obtain the authentication token. Depending on the selection you make, you are prompted for additional information, as follows:
– Basic. Enter the User Name and Password for the external service.
– BEARER_TOKEN. Enter the token value used by the external service.
– API_Key. Select the API Key Type and enter the API Key Value.
f. If required, click Add to add authorization Headers to the HTTP request, and then enter the Header Name and Header Value. You can add as many headers as required to make the request.
g. If required, in the Results Items section, set the values used to return the risk assessment, as follows:
i) Enter the Key that is used to assess the risk.
ii) Select the Value Type, which can be either a String or a Numeric value, and enter the JsonPath for the results item.
Note: For more information on Query expressions for JSON, see RFC 9535, JSONPath: Query Expressions for JSON.
iii) Click Add to define additional Keys used to return the results of the risk assessment.
h. Optional. In the Request Body, add additional content, as required.
8. Click Add to save the HTTP Connector and return to the Pass-through Authenticator Definition.
9. Select the Success Criteria that is used to determine whether the request was successful:
● 2xx Response Code—The request was successful and the expected response was returned to the external service.
● Response Body—Includes the data requested by IDaaS in the GET request.
10. Click Save to save the external service and return to the Pass-through Authenticator Definitions page.