Social media selection form for Liberty
If multiple social media providers are configured to protect a request, WebSphere® Application Server Liberty provides a default social media selection form. The form offers you the option to choose between the available providers that are configured in the Liberty server to authenticate yourself for protected resource requests.
The options that appear on the default selection form are only the providers that are configured to protect the original resource request. Any providers that are not configured to protect the original request are not shown as options. Additionally, if only one provider is configured to protect a certain request, the selection page is not displayed. Instead, you are automatically redirected to that provider to authenticate.
Configuring authentication form for single-provider protected endpoints
In the following example, the Facebook and Twitter login configurations are removed, so no social
media providers protect all endpoints. A new linkedinLogin
element is added and
protects the helloworld
endpoint. Similarly, a new googleLogin
element is added and is configured to the protect the snoop
endpoint.
<githubLogin clientId="..." clientSecret="..." authFilterRef="filter_helloworld" />
<linkedinLogin clientId="..." clientSecret="..." authFilterRef="filter_helloworld" />
<googleLogin clientId="..." clientSecret="..." authFilterRef="filter_snoop" />
<authFilter id="filter_helloworld">
<requestUrl id="myRequestUrl" urlPattern="helloworld" matchType="contains" />
</authFilter>
<authFilter id="filter_snoop">
<requestUrl id="myRequestUrl" urlPattern="snoop" matchType="contains" />
</authFilter>
As you attempt to access the helloworld
endpoint, you see the default selection
page with options for GitHub and LinkedIn. GitHub and LinkedIn are configured to protect this
particular endpoint, so they are included as authentication options. However, Google is not
configured to protect this endpoint, so it is excluded as an option for this request.
Next, assume that the server offers a web application available at the snoop
endpoint. When you attempt to access the snoop
endpoint, you are redirected to
Google without the selection displayed because Google is the only provider that is configured to
protect this endpoint.
socialLogin-1.0
feature, the default social media selection form
might not work properly in Internet Explorer on the Windows
Server 2012 operating system. When you choose a provider and the form is submitted, Internet
Explorer might submit the displayed button text as the default value instead of the HTML value that
is configured for the button. As a result, you might need to use a different web browser. Browsers
other than Internet Explorer function correctly with the default selection form.
Configuring authentication form for multiple-provider protected endpoints
In the following example, the
facebookLogin
and thetwitterLogin
elements are configured to protect all requests because they do not specify authentication filter references. ThegithubLogin
element is configured to protect thehelloworld
endpoint by using an authentication filter reference. For more information about configuring authentication filters, see Authentication Filters.Assume that the Liberty server offers a web application available at the
/acme
endpoint. When you attempt to access the/acme
endpoint, you see the default selection page with options for Facebook and Twitter. Facebook and Twitter protect all endpoints, so they are included as authentication options in the selection page. The GitHub provider is not configured to protect this endpoint, so it is excluded from the selection form for this request.Next, assume that the server offers a web application available at the
/helloworld
endpoint. When you attempt to access the/helloworld
endpoint, you see the default selection page with options for Facebook, Twitter, and GitHub. Similar to the first example, Facebook and Twitter protect all endpoints, so they are included as authentication options in the selection page. GitHub is configured to protect this particular endpoint, so it is included as an authentication option.