Configure user age-based adaptive authentication
This page guides you through configuring user age-based adaptive authentication for a sample web application.
Scenario
Consider a scenario where users younger than 18 should be prevented from signing in to an application and redirected to an error message.
Prerequisites
- You need to set up the sample application.
- You need to update claims to support BirthDate by default.
  - On the management console, go to Claims > List, select http://wso2.org/claims.
  - Click on Edit corresponding to the BirthDate claim.
  - Select the Supported By Default checkbox to enable the birthdate claim.
- You need to add two users with login permissions, and update the age as specified:
  - Username: Alex; Age: < 18 years
  - Username: Kim; Age: > 18 years
Configure user age-based authentication
To configure user-age-based authentication:
- On the management console, go to Main > Identity > Service Providers > List.
- Click Edit on the saml2-web-app-pickup-dispatch.com service provider.
- Expand the Local and Outbound Authentication Configuration section and click Advanced Configuration.
- On the Advanced Configuration page that opens, expand Script Based Conditional Authentication.
- In the Templates section, click on the + corresponding to the User-Age-Based template.
- Click Ok to add the authentication script. The authentication script and authentication steps will be configured.
  Info: By default, TOTP will be added as the second authentication step. You can update this with any authentication method.
- Click Update to save your configurations.
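The age decision behind this scenario, written out as an added example (it is not the template's script or WSO2 code). It assumes the BirthDate claim value is a YYYY-MM-DD string; the function names, the sample birth dates and the fixed "today" are constructed for illustration.

```javascript
// Added example; AGE_LIMIT, parseBirthDate, ageOn and mayLogin are hypothetical names.
const AGE_LIMIT = 18; // threshold from the scenario on this page

// Accept only a strict YYYY-MM-DD string (assumed claim format). Returns null for
// anything else, including impossible calendar dates such as 2010-02-30.
function parseBirthDate(value) {
  const m = /^(\d{4})-(\d{2})-(\d{2})$/.exec(String(value == null ? "" : value).trim());
  if (!m) return null;
  const y = Number(m[1]), mo = Number(m[2]), d = Number(m[3]);
  const date = new Date(Date.UTC(y, mo - 1, d));
  const roundTrips = date.getUTCFullYear() === y &&
    date.getUTCMonth() === mo - 1 && date.getUTCDate() === d;
  return roundTrips ? { y, mo, d } : null;
}

// Whole years completed on the calendar day `today` (UTC).
function ageOn(birth, today) {
  let age = today.getUTCFullYear() - birth.y;
  const monthDiff = today.getUTCMonth() + 1 - birth.mo;
  if (monthDiff < 0 || (monthDiff === 0 && today.getUTCDate() < birth.d)) age -= 1;
  return age;
}

// Fail closed: a missing, malformed or future birth date denies the login,
// so an account without the claim cannot slip past the age gate.
function mayLogin(birthDateClaim, today = new Date()) {
  const birth = parseBirthDate(birthDateClaim);
  if (birth === null) return { allow: false, reason: "birth date missing or malformed" };
  const age = ageOn(birth, today);
  if (age < 0) return { allow: false, reason: "birth date is in the future" };
  if (age < AGE_LIMIT) return { allow: false, reason: "under " + AGE_LIMIT };
  return { allow: true, reason: "age " + age };
}

// Constructed sample data: birth dates for the two test users, fixed "today".
const today = new Date(Date.UTC(2024, 5, 15)); // 2024-06-15
const users = { Alex: "2010-03-02", Kim: "1990-11-20", NoClaim: undefined };
for (const [name, dob] of Object.entries(users)) {
  const result = mayLogin(dob, today);
  console.log(name, result.allow ? "ALLOW" : "DENY", "(" + result.reason + ")");
}
```

An age gate is only as trustworthy as the claim it reads, so treat BirthDate as a security attribute and restrict who can change it.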
Try it out
- Access the following sample Pickup Dispatch application URL: http://localhost.com:8080/saml2-web-app-pickup-dispatch.com
- Click Login and enter Kim's credentials. You will be successfully logged in to the application.
- Log out of the application and log in as Alex. You will be restricted from logging in as Alex is underage.