Registering a control authenticator

Required permissions:authenticate, register_handler

A client can register an authenticator that can be called when a client connects to Diffusion™ Cloud or changes the principal and credentials it is connected with.

The authenticator can decide whether a client's authentication request is allowed or denied, or the authenticator can abstain from the decision, in which case the next configured authenticator is called.

A client can propose session properties when it connects. If the authenticator allows a client's authentication request, it can choose to set the proposed properties.

The authenticator can set any user-defined session property, and some fixed session properties, such as the $Roles and $ExpiryTime session properties.

For more information about authentication and role-based security, see Authentication.