Identity Server SDK 11.1.1 API
Curity Identity Server SDK
Plugin Types
The type of a plugin defines what functionality it adds to the Server at runtime. A plugin declares its type by implementing one of the subtypes ofPluginDescriptor.
Authorization Manager
An Authorization Manager plugin provides an implementation ofAuthorizationManager.
Authorization Manager plugins are described by a AuthorizationManagerPluginDescriptor.
Data Access Provider
A Data Access Provider plugin provides one or moreDataAccessProvider implementations.
Data Access Provider plugins implement the DataAccessProviderPluginDescriptor
interface. Samples can be
found on GitHub.
SMS Sender
An SMS plugin provides anSmsSender service, used for sending SMS messages.
SMS sender plugins implement the SmsPluginDescriptor interface.
Samples can be found on GitHub.
Email Sender
An email sender plugin provides aEmailer service, and is used to send
email messages.
Email sender plugins implement the EmailProviderPluginDescriptor interface. Samples can be found on GitHub.
Authenticator
An Authenticator plugin is described by aAuthenticatorPluginDescriptor.
They provide handlers for anonymous requests (such that users can, for example, access login and registration pages), as well as handlers of the actual logic for authentication and registration. Samples can be found on GitHub.
Back-channel Authenticator
A back-channel authenticator is used to authenticate a user when the OpenID Connect Client-initiated Back-channel Authentication (CIBA) protocol is used.
Back-channel authenticators are described by the BackchannelAuthenticatorPluginDescriptor.
An example can be found on GitHub.
Authentication Action
An Authentication Action plugin is described byAuthenticationActionPluginDescriptor.
These type of plug-ins provide the "steps" within a workflow that execute after login or SSO. Samples can be found on GitHub.
Event Listener
AnEventListener plugin allows arbitrary custom logic to run in response
to an Event being published.
The EventListenerPluginDescriptor class describes this type of plugin.
Samples can be found on GitHub.
Consentors and Signing Consentors
A consentor is a plugin that runs after user consent has taken place in an OAuth flow. It implements additional
logic that verifies the consent prior to it being granted. A specialized type of consentor is a Signing
Consentor. Because this specialization is so common, a subtype exists to simplify the development of this kind
of consentor. A general consentor plugin will implement the ConsentorPluginDescriptor interface and signing consentors will
implement SigningConsentorPluginDescriptor. Samples can be found on GitHub.
Claims Provider
When tokens are issued and claims need to be added to them, the values can be obtained from Claims Providers.
This kind of plugin will implement the ClaimsProvider interface.
This is made know to the run-time environment by implementing an instance of the ClaimsProviderPluginDescriptor interface.
Alarm Handler
When an alarm is raised for the first time, its severity changes, or when it is cleared, the Alarm Handler is invoked.
This kind of plugin will implement the AlarmHandlerPluginDescriptor interface.
It can choose to handle the alarm directly itself, or forward the message to some other system (e.g., a NMS or NOC).
An Alarm Handler that forwards the alarm info rather than handling it directly, is referred to as an Alarm Notifier.
Configuration
Plugins can be configured through the same user interfaces provided for administrating the standard components of the server.
A plugin defines its configuration by declaring an interface extending the Configuration
interface in its descriptor.
Services
Services provided to a plugin are declared in these.curity.identityserver.sdk.service package. Some services may be implemented and
provided by other plugins running on the server; which may create runtime dependencies between different plugins.
Lifecycle
Plugin lifecycle management is facilitated through aManagedObject associated with
the plugin through its descriptor.
Configuration
interfaces to provide extra information about configuration values.DataAccessProviders
a Data Access Provider plugin may provide implementations for.PluginDescriptor subtypes which may
be implemented by plugin authors to extend the functionality of the server.