curityio / device-secret-authenticator

An authenticator accepting a nonce issued from the token profile to achieve SSO functionality

Device Secret Authenticator Plugin

An authenticator accepting a nonce issued by the token profile for the purpose of native SSO. It is made to work similarly to OpenID Connect Native SSO, but uses the Hypermedia Authentication API instead of token exchange.

This is just a demo of the capability and is not production ready.

Configuration

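Configure the token endpoint to issue a nonce together with the issued tokens, similar to the following:

// Look up the nonce issuer named 'default'
var nonceIssuer = context.getNonceTokenIssuer('default');
var nonceAttributes = {};
// Carry the subject and context attributes of the current request into the nonce
nonceAttributes.subject = context.subjectAttributes();
nonceAttributes.context = context.contextAttributes();
// The nonce lifetime runs from the access token's issue time to the refresh token's expiry
nonceAttributes.created = accessTokenData.iat;
nonceAttributes.expires = refreshTokenData.exp;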

Building the Plugin

You can build the plugin by issuing the command ./gradlew packageJar. This produces a folder called authenticators.device-secret in the build directory, containing the plugin JAR file and all the dependencies it needs, which can be installed.

Installing the Plugin

To install the plugin, copy the contents of the authenticators.device-secret folder into ${IDSVR_HOME}/usr/share/plugins on each node, including the admin node. For more information about installing plugins, refer to curity.io/plugins. If you are installing on the same machine, make sure that IDSVR_HOME is correctly exported in your shell, and issue ./gradlew deploy to build and copy the correct files.
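
The manual copy step above as a guarded shell function, added here as an example and not taken from the plugin repository. It refuses to copy when IDSVR_HOME is unset, because the destination would then expand to /usr/share/plugins on the host. The function name and exit codes are assumptions; the source folder and destination are the ones named above.

```shell
#!/bin/sh
# Added example: guarded install of the plugin folder (function name is hypothetical).
install_device_secret_plugin() {
    # Folder produced by ./gradlew packageJar; override with the first argument.
    src="${1:-build/authenticators.device-secret}"

    # Refuse to run with IDSVR_HOME unset or empty: the destination would
    # otherwise silently become /usr/share/plugins.
    if [ -z "${IDSVR_HOME:-}" ]; then
        echo "IDSVR_HOME is not exported" >&2
        return 1
    fi
    dest="${IDSVR_HOME}/usr/share/plugins"   # destination as given in the install step

    # A missing plugin directory usually means IDSVR_HOME points at the wrong place.
    if [ ! -d "$dest" ]; then
        echo "no plugin directory at $dest; is IDSVR_HOME correct?" >&2
        return 2
    fi
    # The build output must exist and contain at least one JAR.
    if [ ! -d "$src" ] || ! ls "$src"/*.jar >/dev/null 2>&1; then
        echo "no JAR files in $src; run ./gradlew packageJar first" >&2
        return 3
    fi

    # Copy the folder contents (plugin JAR plus dependencies), keeping file modes.
    cp -Rp "$src"/. "$dest"/ || return 4
    echo "installed $(ls "$src" | wc -l | tr -d ' ') file(s) into $dest"
}
```

Run it on every node, including the admin node, as the install step requires.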

More Information

Please visit curity.io for more information about the Curity Identity Server.

About

License:Apache License 2.0


Languages

Language:Kotlin 100.0%