Skip to content

Configure conditional authentication

Given below are the high-level steps for enabling conditional authentication in your application.

Prerequisites

Register your application on the WSO2 Identity Server Console.

Before you proceed (only for JDK 17)

If your system operates on JDK 17, refer to Enable adaptive authentication to deploy WSO2 Identity Server with conditional authentication.

Enable conditional authentication

Follow the steps given below.

  1. On the WSO2 Identity Server Console, click Applications.
  2. Select the application for which you wish to apply a conditional login flow and go to its Login Flow tab.
  3. Click Start with default configuration to define the login flow starting with the username and password login.

  4. Turn on Conditional Authentication by switching the toggle on. You can define your conditional authentication script in the editor.

    Enable conditional auth

    Warning

    As a security measure, WSO2 Identity Server does not allow the usage of two consecutive periods (..) in authentication scripts.

Add conditional authentication script

There are two ways to add a conditional authentication script:

Add a secret to the script

Secrets securely store values associated with external APIs. These secret values are used in conditional authentication scripts when WSO2 Identity Server is required to interact with an external API (service endpoint) during the authentication process.

You can securely store these secret values on the WSO2 Identity Server Console and retrieve them whenever required for callChoreo() conditional authentication function.

Create a new secret

To add a new secret:

  1. On the WSO2 Identity Server Console, go to Applications.

  2. Select your application and go to the Login Flow tab .

  3. Add a new secret from your preferred editor:

    Enable conditional authentication and click the key icon above the script to create a new secret.

    Add secret to script

    Switch to the Visual Editor tab, expand the Script Editor and click Add Secret.

    Add secret to script using the visual editor

  4. Click Create new secret from the drop-down menu.

  5. Enter the following details:

    Create secret in WSO2 Identity Server

    Parameter Description
    Secret Name A meaningful name for the secret. This name is not changeable and will be used in the script to reference the secret.
    Secret Value You can enter the secret value that is 1 to 2048 bits in length.
    Secret Description A short description for the secret.

  6. Click Finish to complete the creation.

Delete an existing secret

To delete an existing secret:

  1. On the WSO2 Identity Server Console, go to Applications.

  2. Select your application and go to the Login Flow tab .

  3. Delete the secret by using your preferred editor:

    Enable conditional authentication and click the key icon above the script to delete a secret.

    Add secret to script

    Switch to the Visual Editor tab, expand the Script Editor and click Add Secret.

    Add secret to script using the visual editor

  4. Click the trash icon next to the secret you wish to delete.

  5. Select the checkbox and confirm your action.