PhixFlow Help

PhixFlow Login Configuration Guide

Owned by Adam Campbell
Sept 26, 2018
3 min read

If you wish to log in to PhixFlow with any method other than local username and password, you will have to configure phixflow-login.xml to allow alternate login forms to the default provided.

This page describes how to configure the login forms:

Configure phixflow-login.xml

Login forms are  configured in the file phixflow-login.xml, under [tomcat root]/webapps/phixflow/WEB-INF/classes. When you first install PhixFlow, you probably created a copy of this file by simply copying the example file phixflow-login.xml.example (see Install PhixFlow Webapp).


Here is the section of the phixflow-login.xml that this page is concerned with 

 <!-- The following beans allow you to configure which login options are available and which configuration is the default   -->

	<bean id="loginConfiguration"
		class="com.accipia.centerview.util.LoginConfiguration"
		p:configurations-ref ="configurationsList"
		p:defaultForm="localOnly"
		/>
		
	<util:list id="configurationsList" list-class="java.util.ArrayList">
		<ref bean="localOnlyLoginConfiguration"/>
		<!--<ref bean="sAMLOnlyLoginConfiguration"/>
		<ref bean="activeDirectoryLoginConfiguration"/>
		<ref bean="activeDirectoryOnlyLoginConfiguration"/>
		<ref bean="sAMLAndLocalLoginConfiguration"/>
		<ref bean="sAMLAutoLoginConfiguration"/>-->
	</util:list>
	
	
	<!-- The Configuration that only has local login -->
	<bean id="localOnlyLoginConfiguration"
		class="com.accipia.centerview.util.LoginFormConfiguration"
		p:name="localOnly"
		p:localLogin="true"
		p:defaultSelected="local"
		/>
		
	<!-- The configuration that only has SAML login configuration -->	
	<bean id="sAMLOnlyLoginConfiguration"
		class="com.accipia.centerview.util.LoginFormConfiguration"
		p:name="SAMLOnly"
		p:sAMLLogin="true"
		p:sAMLLabel="A different SAML label"
		p:defaultSelected="SAML"
		
		/>	
		
	<!-- The configuration that allows active directory or local login -->	
	<bean id="activeDirectoryLoginConfiguration"
		class="com.accipia.centerview.util.LoginFormConfiguration"
		p:name="activeDirectoryLogin"
		p:localLogin="true"
		p:activeDirectoryLogin="true"
		p:defaultSelected="local"
		/>	
		
	<!--  The configuration that allows only active directory login -->	
	<bean id="activeDirectoryOnlyLoginConfiguration"
		class="com.accipia.centerview.util.LoginFormConfiguration"
		p:name="activeDirectoryOnlyLogin"
		p:activeDirectoryLogin="true"
		p:defaultSelected=""
		/>	
		
	<!--  The configuration that allows either local or SAML login -->	
	<bean id="sAMLAndLocalLoginConfiguration"
		class="com.accipia.centerview.util.LoginFormConfiguration"
		p:name="SAMLandLocal"
		p:localLogin="true"
		p:sAMLLogin="true"
		p:sAMLLabel="SAMLLabel"
		p:defaultSelected="local"
		/>		

	<!-- The configuration that allows only SAML login and opening PhixFlow will automatically take you to
		 the identity provider rather than to the PhixFlow login page -->
	
	<bean id="sAMLAutoLoginConfiguration"
		class="com.accipia.centerview.util.LoginFormConfiguration"
		p:name="SAMLAUTO"
		p:sAMLLogin="true"
		p:autoLogin="true"
		/>

This section can broadly be separated into two sections: general login and specific configurations. First we will look at the general login configuration

  	<bean id="loginConfiguration"
		class="com.accipia.centerview.util.LoginConfiguration"
		p:configurations-ref ="configurationsList"
		p:defaultForm="localOnly"
		/>
		
	<util:list id="configurationsList" list-class="java.util.ArrayList">
		<ref bean="localOnlyLoginConfiguration"/>
		<!--<ref bean="sAMLOnlyLoginConfiguration"/>
		<ref bean="activeDirectoryLoginConfiguration"/>
		<ref bean="activeDirectoryOnlyLoginConfiguration"/>
		<ref bean="sAMLAndLocalLoginConfiguration"/>
		<ref bean="sAMLAutoLoginConfiguration"/>-->
	</util:list>

In order to choose which login form is presented to the users by default, change the "p:defaultForm" property to the name of the login configuration form that you would like your users to see. Also here we have the configurations list which presents a set of possible login configurations that users will be able to access through this phixflow instance. This can be done by entering loginForm="<<nameOfLoginForm>>" as a command entry in the URL. Each of these beans is listed in the phixflow-login.xml with a short description above it. Simply uncomment the beans that you would like to use. For example if you would like your users to be presented with a login Form that has Active directory or local logins by default configure the file to look like this: 

  	<bean id="loginConfiguration"
		class="com.accipia.centerview.util.LoginConfiguration"
		p:configurations-ref ="configurationsList"
		p:defaultForm="activeDirectoryLoginConfiguration"
		/>
		
	<util:list id="configurationsList" list-class="java.util.ArrayList">
		<ref bean="localOnlyLoginConfiguration"/>
		<!--<ref bean="sAMLOnlyLoginConfiguration"/>-->
		<ref bean="activeDirectoryLoginConfiguration"/>
		<!--<ref bean="activeDirectoryOnlyLoginConfiguration"/>
		<ref bean="sAMLAndLocalLoginConfiguration"/>
		<ref bean="sAMLAutoLoginConfiguration"/>-->
	</util:list>

Note that in this case a login screen without any active directory login could be forced by going to <<yourPhixfFlowLocation>>/PhixFlow/start.html?loginForm=localOnly.


Second are the configurations themselves which look like this 

  <bean id="sAMLAndLocalLoginConfiguration"
		class="com.accipia.centerview.util.LoginFormConfiguration"
		p:name="SAMLandLocal"
		p:localLogin="true"
		p:sAMLLogin="true"
		p:sAMLLabel="SAMLLabel"
		p:defaultSelected="local"
		/>

There are several things to consider for these configurations. First there is the name, this name is used both by the logConfiguration section to decide which form to display by default, and by the command line to override the default by specifying this name. Next there is a list of the login options that are available from this configuration. The example above has options for SAML login or local login. The next option "p:sAMLLabel" is only relevant for SAML and controls the label for that option on the login form. For local login the label is always local login and for active directory login the label is the name of the active directory domain. Finally we have the "p:defaultSelected" property. This specifies which of the possible login options you would like to start selected. The possible options here are "local", "SAML", the name of any active directory domain and "systemDefault". If systemDefault is the default selected then the login form will use the value you have selected in the system configuration under "Default Domain" to decide which should be selected. 

Please let us know if we could improve this page feedback@phixflow.com