Configure Login Forms
Overview
The phixflow-login.xml configuration file allows the operator to define different login form configurations with restricted login options e.g. Local only, Active Directory only, all options. The user can then choose the login for to be displayed by providing an extra parameter to the PhixFlow start URL, or accept the default.
There are 2 reasons for doing this:
- You have configured Local logins and Active Directory (or SAML / SIngle Sign-on) logins, and you want advanced users to see all login options but normal users to see only Active Directory or Single Sign-on.
- You want to enable SAML / Single Sign-on auto login. This logs you in automatically using your current logged-in Microsoft Windows credentials without displaying a login form, and cannot be mixed with other form options.
For information about Active Directory, see Configure Active Directory Integration.
Configuration
If $webapp/WEB-INF/classes/phixflow-login.xml does not exist, create it by copying phixflow-login.xml.example.
If you are not configuring Active Directory or SAML / Single Sign-on integration, no changes are required.
Configuration for Active Directory or SAML / Single Sign-on
If you are configuring Active Directory or SAML / Single Sign-on integration:
Edit $webapp/WEB-INF/classes/phixflow-login.xml.
Find the loginConfiguration bean:
<bean id="loginConfiguration" class="com.accipia.centerview.util.LoginConfiguration" p:defaultForm="local" />
The lines immediately following define 3 login forms:
Bean Id | Form Name | Description |
---|---|---|
localLogin | local | Local login only |
fullLogin | full | All login options except auto |
autoLogin | auto | SAML Single Sign-on without displaying a login form |
You can add new forms and edit or delete any of these 3 examples, provided that you define at least one form and that the loginConfiguration's defaultForm (above) matches the name of one of the defined forms.
Login Form Details
Each login form has the same format:
<!-- This login form allows all login methods to be selected --> <bean id="fullLogin" parent="parentLogin" p:name="full" p:localLogin="true" p:activeDirectoryLogin="true" p:samlLogin="true" p:samlLabel="Single Sign-on" p:defaultSelected="local" />
The options are:
Property | Default | Description |
---|---|---|
id | None | A name reflecting the purpose of the form |
parent | parentLogin | Do not change |
name | default | Used when defining the default form or when selecting |
localLogin | false | Whether the form should include local login |
samlLogin | false | Whether the form should include SAML / Single Sign-on login |
samlLabel | SAML | The label displayed against the SAML Single Sign-on option on the form |
autoLogin | false | Whether the user should be logged in via SAML / Single Sign-on without displaying the form. This cannot be set in combination with any other xxxLogin option. |
activeDirectoryLogin | false | Whether the form should include Active Directory login |
defaultSelected | none | The login option that is selected by default when the form opens. For local, this is 'local' |
Setting the Default Login Form
- Edit the loginConfiguration bean (above).
- Set the defaultForm property to the name of the form that you want to be the default.
Starting PhixFlow with a non-default login form
To start PhixFlow with a non-default login form, append ?login=mylogin
to the PhixFlow URL, where mylogin
is the name of the login form, for example:
https://myserver.com/phixflow?login=full