Social media selection form for Liberty

If multiple social media providers are configured to protect a request, WebSphere® Application Server Liberty provides a default social media selection form. The form offers you the option to choose between the available providers that are configured in the Liberty server to authenticate yourself for protected resource requests.

The options that appear on the default selection form are only the providers that are configured to protect the original resource request. Any providers that are not configured to protect the original request are not shown as options. Additionally, if only one provider is configured to protect a certain request, the selection page is not displayed. Instead, you are automatically redirected to that provider to authenticate.

Configuring authentication form for multiple-provider protected endpoints

In the following example, the facebookLogin and the twitterLogin elements are configured to protect all requests because they do not specify authentication filter references. The githubLogin element is configured to protect the helloworld endpoint by using an authentication filter reference. For more information about configuring authentication filters, see Authentication Filters.

<facebookLogin clientId="..." clientSecret="..." />
<twitterLogin consumerKey="..." consumerSecret="..." />
<githubLogin clientId="..." clientSecret="..." authFilterRef="filter_helloworld" />
<authFilter id="filter_helloworld">
  <requestUrl id="myRequestUrl" urlPattern="helloworld" matchType="contains" />
</authFilter>

Assume that the Liberty server offers a web application available at the /acme endpoint. When you attempt to access the /acme endpoint, you see the default selection page with options for Facebook and Twitter. Facebook and Twitter protect all endpoints, so they are included as authentication options in the selection page. The GitHub provider is not configured to protect this endpoint, so it is excluded from the selection form for this request.

Next, assume that the server offers a web application available at the /helloworld endpoint. When you attempt to access the /helloworld endpoint, you see the default selection page with options for Facebook, Twitter, and GitHub. Similar to the first example, Facebook and Twitter protect all endpoints, so they are included as authentication options in the selection page. GitHub is configured to protect this particular endpoint, so it is included as an authentication option.

Configuring authentication form for single-provider protected endpoints

In the following example, the Facebook and Twitter login configurations are removed, so no social media providers protect all endpoints. A new linkedinLogin element is added and protects the helloworld endpoint. Similarly, a new googleLogin element is added and is configured to the protect the snoop endpoint.

<githubLogin clientId="..." clientSecret="..." authFilterRef="filter_helloworld" />
<linkedinLogin clientId="..." clientSecret="..." authFilterRef="filter_helloworld" />
<googleLogin clientId="..." clientSecret="..." authFilterRef="filter_snoop" />
<authFilter id="filter_helloworld">
   <requestUrl id="myRequestUrl" urlPattern="helloworld" matchType="contains" />
</authFilter>
<authFilter id="filter_snoop">
   <requestUrl id="myRequestUrl" urlPattern="snoop" matchType="contains" />
</authFilter>

As you attempt to access the helloworld endpoint, you see the default selection page with options for GitHub and LinkedIn. GitHub and LinkedIn are configured to protect this particular endpoint, so they are included as authentication options. However, Google is not configured to protect this endpoint, so it is excluded as an option for this request.

Next, assume that the server offers a web application available at the snoop endpoint. When you attempt to access the snoop endpoint, you are redirected to Google without the selection displayed because Google is the only provider that is configured to protect this endpoint.

Note: For the socialLogin-1.0 feature, the default social media selection form might not work properly in Internet Explorer on the Windows Server 2012 operating system. When you choose a provider and the form is submitted, Internet Explorer might submit the displayed button text as the default value instead of the HTML value that is configured for the button. As a result, you might need to use a different web browser. Browsers other than Internet Explorer function correctly with the default selection form.