Condition - user attribute validation

Hello
I try to configure additional validation during Authentication browser flow.
I have in my custom browser Authentication flow attached configuration:

My attribute is configuret undet Users → User details → Attributes

all1268×1570 93.7 KB

How to configure or change login page to use this validator ?

		 <div class="${properties.kcFormGroupClass!}">
                <div class="${properties.kcLabelWrapperClass!}">
                    <label for="organization" class="${properties.kcLabelClass!}">${msg("organization")}</label>
                </div>
                <div class="${properties.kcInputWrapperClass!}">
                    <input type="text" id="organization" name="organization" 
                           class="${properties.kcInputClass!}"
                           aria-invalid="<#if messagesPerField.existsError('organization')>true</#if>"
                    />

                    <#if messagesPerField.existsError('organization')>
                        <span  class="${properties.kcInputErrorMessageClass!}" aria-live="polite">
                            ${kcSanitize(messagesPerField.get('organization'))?no_esc}
                        </span>
                    </#if>
                </div>
            </div>

The Conditional - user attribute authenticator is used to trigger a subflow.

If you negate the check (meaning anyone without the required organization attribute will trigger it) you can add a “Deny Access” authenticator under it. That should kick out any authentication attempt where the user does not have the required attribute.

I didn’t test it but I think the screenshot below is what you’re after (or something similar).

image1997×405 9.4 KB

This is the correct way of implementing the “conditional - User Attribute”. I have implemented it recently, and it works as described.