Identity Server SDK 9.2.1 API
Curity Identity Server SDK
Plugin Types
The type of a plugin defines what functionality it adds to the Server at runtime. A plugin declares its type by implementing one of the subtypes of PluginDescriptor.
Authorization Manager
An Authorization Manager plugin provides an implementation of AuthorizationManager.
Authorization Manager plugins are described by an AuthorizationManagerPluginDescriptor.
Data Access Provider
A Data Access Provider plugin provides one or more DataAccessProvider implementations.
Data Access Provider plugins implement the DataAccessProviderPluginDescriptor interface. Samples can be found on GitHub.
SMS Sender
An SMS plugin provides an SmsSender service, used for sending SMS messages.
SMS sender plugins implement the SmsPluginDescriptor interface.
Samples can be found on GitHub.
Email Sender
An email sender plugin provides an Emailer service, and is used to send email messages.
Email sender plugins implement the EmailProviderPluginDescriptor interface. Samples can be found on GitHub.
Authenticator
An Authenticator plugin is described by an AuthenticatorPluginDescriptor.
Authenticator plugins provide handlers for anonymous requests (so that users can, for example, access login and registration pages), as well as handlers for the actual authentication and registration logic. Samples can be found on GitHub.
Back-channel Authenticator
A back-channel authenticator is used to authenticate a user when the OpenID Connect Client-initiated Back-channel Authentication (CIBA) protocol is used.
Back-channel authenticators are described by the BackchannelAuthenticatorPluginDescriptor.
An example can be found on GitHub.
Authentication Action
An Authentication Action plugin is described by AuthenticationActionPluginDescriptor.
This type of plugin provides the "steps" within a workflow that execute after login or SSO. Samples can be found on GitHub.
Event Listener
An EventListener plugin allows arbitrary custom logic to run in response to an Event being published.
The EventListenerPluginDescriptor class describes this type of plugin.
Samples can be found on GitHub.
Consentors and Signing Consentors
A consentor is a plugin that runs after user consent has taken place in an OAuth flow. It implements additional
logic that verifies the consent prior to it being granted. A specialized type of consentor is a Signing
Consentor. Because this specialization is so common, a subtype exists to simplify the development of this kind
of consentor. A general consentor plugin will implement the ConsentorPluginDescriptor interface and signing consentors will
implement SigningConsentorPluginDescriptor. Samples can be found on GitHub.
Claims Provider
When tokens are issued and claims need to be added to them, the values can be obtained from Claims Providers.
This kind of plugin will implement the ClaimsProvider interface.
This is made known to the run-time environment by implementing an instance of the ClaimsProviderPluginDescriptor interface.
Alarm Handler
When an alarm is raised for the first time, its severity changes, or when it is cleared, the Alarm Handler is invoked.
This kind of plugin will implement the AlarmHandlerPluginDescriptor interface.
It can choose to handle the alarm directly itself, or forward the message to some other system (e.g., an NMS or NOC).
An Alarm Handler that forwards the alarm info rather than handling it directly is referred to as an Alarm Notifier.
Configuration
Plugins can be configured through the same user interfaces provided for administrating the standard components of the server.
A plugin defines its configuration by declaring an interface extending the Configuration interface in its descriptor.
Services
Services provided to a plugin are declared in the se.curity.identityserver.sdk.service package. Some services may be implemented and
provided by other plugins running on the server, which may create runtime dependencies between different plugins.
Lifecycle
Plugin lifecycle management is facilitated through a ManagedObject associated with the plugin through its descriptor.
Configuration interfaces to provide extra information about configuration values.
DataAccessProviders a Data Access Provider plugin may provide implementations for.
PluginDescriptor subtypes which may be implemented by plugin authors to extend the functionality of the server.