The orchestrator can be used to manage authentication and authorization for many different kinds of applications. The configurations used to describe these applications and how user identities interact with them are listed under apps . Proxy applications are protected by an …

- "os/exec" /etc/maverics/extensions/serve.go : package main import ( "os" "os/exec" "github.com/strata-io/service-extension/orchestrator" ) func Serve(api orchestrator.Orchestrator) error { logger := api.Logger() // Use the "os" package home := os.Getenv("HOME") logger.Debug …

Overview The Maverics Orchestrator can be configured to act as an SAML Provider, exposing standard endpoints for token issuance and user authentication. This allows modern applications to delegate authentication to Maverics, which in turn orchestrates identity across one or more …

To simplify application deployments, each application is now restricted to one user flow. You'll see this change in the following areas: When creating a new user flow the list of apps to choose will be limited to those that …

The Continuity Connector presents a graceful way to manage unplanned IDP outages without downtime. The connector can be used to detect outages with a given IDP and seamlessly failover to a backup IDP. When the primary IDP is determined to …

Runtime issues may occur after Maverics successfully starts-up. Typically, runtime issues are caused by misconfiguration, down dependent systems, and overloaded host machines. HTTP 400 Bad Request Symptoms User sees an error message in the browser with verbiage related to …

The Maverics Identity Orchestrator includes an HTTP server in order to consume and process requests for Apps and other endpoints. The server has various properties defined below that can be configured. Configuration options Address The address declares which address the …

Start orchestrator on the host Windows Linux Docker Mac OS The Windows installation configures the orchestrator service to auto-start after all other services have started. In Terminal navigate to the directory where you downloaded and unzipped the orchestrator binary …

oauthClientSecret: oauthLoginRedirect: urls: - https://host1.example.com/oidc - https://host2.example.com/oidc oauthLogoutRedirect: urls: - https://host1.example.com/logout - https://host2.example.com/logout disablePKCE: false scopes: openid profile email okta.users.read errorPage: https://example.com/error …

APIs are used primarily to expose custom HTTP endpoints on the Orchestrator server. These HTTP endpoints can serve custom HTML pages or help facilitate arbitrary identity flows. The API extensions can also be used for other tasks such as running …

Log filtering You can now add filters to suppress log messages from Observability Settings. Each filter defines a function that will be used to test potential log output. If any filter finds a match in any of the elements of …

Feature Updates Dashboard You can sort and name search for applications, identity fabric, and user flows from the dashboard. Resolved Issues Identity Fabric Continuity: Resolved issues in Identity Service Health Monitoring not generating the correct config for custom endpoints and …

determine if a request to an upstream application is authenticated and to be able to log in to an upstream app. Such situations are common when an app manages its own sessions or directly authenticates against a backing data store …

New Features SAML Provider You can now set a file path on host to the SAML Private Key and SAML Public Key (Certificate) Orchestrator Update Required To use this feature you need update to Orchestrator version 2025.06.4 or …

Released on 2025.09.08 Resolved Issues Fixed an issue that prevented the Orchestrator from starting when loading configuration bundles larger than 1 MB from a GitHub repository.

2025-04-16 New features Logging enhancements Logs in the following identity services have been updated to include traceID and service attributes: 1Kosmos PingFederate SAML Windows Client Authenticator (WCA) WSO2 API service extension logs have been updated to include traceID …

The Maverics TAI module is a WebSphere Trust Association Interceptor (TAI). This module validates that the request comes from a legitimate third-party authentication proxy, reads in a users' identity from the request header, and returns either a distinguished name …

New Features Identity Fabric You can now perform a name search from the Identity Fabric List and on creation. Click to enlarge

Overview Configure Maverics to use CyberArk as an identity provider using the OpenID Connect (OIDC) protocol. Identity Fabric→CyberArk (OIDC)→Configure Identity Fabric→Use for authentication in a user flow Configure Identity Fabric Use a Secret Provider Strata recommends implementing …

value. For users that cannot scan a QR code, the dynamic link will be available in the QRDynamicLink template value. For users for whom the dynamic link does not work, the QRFallbackCode template value can be entered manually in the …