The Authentication Context Class Reference (ACR) that this authenticator supports
account-domain
leafref
optional
Optional domain in which accounts are stored
description
string
optional
A readable description of the Authenticator, for User presentation, can be a locale key
sso-expiration-time
uint32
optional
This controls the expiration time for this specific authenticator. If this is not set, the value set on the profile will be used instead.A common scenario is to allow some factors to have longer lifetimes than others, which is accomplished by setting this value on the authenticator in question
sso-inactivity-timeout
uint32
optional
The maximum time an SSO session created by this authenticator will be valid without being used. If this value is not set, then the profile value will be used (if set there).
previous-authenticator
leafref
optional
Optional authenticator (or any from a group) that the user must authenticate with prior to this one
purpose
union
optional
A category of usage that this authenticator instance is intended for.
exclude-from-metadata
boolean
optional
false
Whether or not the authenticator should be excluded from the OAuth and OpenID Connect metadata (“acr_values_supported” attribute) of a token profile linked to this authentication profile
template-area
non-empty-string
optional
cross-site-block-enabled
boolean
optional
Enables the unsafe (e.g. POST) cross-site requests blocking mechanism. Blocks cross-site requests (those originating from a different or third-party domain) with an unsafe method from being accepted, except for endpoints the explicitly allow it. Disabling this feature can help with interoperability but does pose security risks, and should only be enabled if strictly required.