Product SiteDocumentation Site

2.3.2. Multiple Authenticator Support

If your application requires multiple authentication methods, you can use multiple Authenticator implementations and decide which one should be used depending on some decision logic. For that, use a producer method annotated with @PicketLink to produce the desired Authenticator:
public class AuthenticatorSelector {

    @Inject Instance<CustomAuthenticator> customAuthenticator;
    @Inject Instance<IdmAuthenticator> idmAuthenticator;
    private String authenticator;
    public String getAuthenticator() {
        return authenticator;
    public void setAuthenticator(String authenticator) {
        this.authenticator = authenticator;

    public Authenticator selectAuthenticator() {
        if ("custom".equals(authenticator)) {
            return customAuthenticator.get();
        } else {
            return idmAuthenticator.get();
This @Named bean exposes an authenticationSelector.authenticator property that can be set by a user interface control in the view layer. If its value is set to "custom" then CustomAuthenticator will be used, otherwise IdmAuthenticator (the Authenticator used to authenticate using the Identity Management API) will be used instead. Another good example is when you need to choose the Authenticator based on a request header or parameter value.