Lookup Account
The lookup account authentication action uses the current subject attributes to lookup an account on an account manager and then adds it to the action's output attributes. The name of the input subject attribute to use for the lookup is configurable, as well as the lookup criteria (e.g. username, email, phone number). If an account is found, the account information is added to an `account` attribute on a configurable location (e.g. subject attributes, context attributes, or action attributes).
| Configuration | Mandatory | Description |
|---|---|---|
account-manager | Yes | The account manager that will be used to retrieve the user’s account attributes from the datasource. |
abort-authentication-if-user-not-found | No | If true, the action plugin aborts the authentication flow if the looked up user is not found in the underlying datasource. Defaults to false. |
source-attribute-name | No | The subject attribute to be used by the lookup method for searching the user. Default is subject. |
lookup-method | No | The method to be used for looking up the user. Supported methods are by-username, by-email, by-phone. Default is by-username. |
Back-channel support#
This action can be used in back-channel authentication.