Configure Login Forms

Overview

The phixflow-login.xml configuration file allows the operator to define different login form configurations with restricted login options e.g. Local only, Active Directory only, all options. The user can then choose the login for to be displayed by providing an extra parameter to the PhixFlow start URL, or accept the default.

There are 2 reasons for doing this:

  1. You have configured Local logins and Active Directory (or SAML / SIngle Sign-on) logins, and you want advanced users to see all login options but normal users to see only Active Directory or Single Sign-on.
  2. You want to enable SAML / Single Sign-on auto login. This logs you in automatically using your current logged-in Microsoft Windows credentials without displaying a login form, and cannot be mixed with other form options.

For information about Active Directory, see Configure Active Directory Integration via LDAP.

Configuration

If $webapp/WEB-INF/classes/phixflow-login.xml does not exist, create it by copying phixflow-login.xml.example.

If you are not configuring Active Directory or SAML / Single Sign-on integration, no changes are required.

Configuration for Active Directory or SAML / Single Sign-on

If you are configuring Active Directory or SAML / Single Sign-on integration:

Edit $webapp/WEB-INF/classes/phixflow-login.xml.

Find the loginConfiguration bean:

	<bean id="loginConfiguration"
		class="com.accipia.centerview.util.LoginConfiguration"
		p:defaultForm="local" />

The lines immediately following define 3 login forms:

Bean IdForm NameDescription
localLoginlocalLocal login only
fullLoginfullAll login options except auto
autoLoginautoSAML Single Sign-on without displaying a login form

You can add new forms and edit or delete any of these 3 examples, provided that you define at least one form and that the loginConfiguration's defaultForm (above) matches the name of one of the defined forms.

Login Form Details

Each login form has the same format:

	<!-- This login form allows all login methods to be selected -->
	<bean id="fullLogin"
		parent="parentLogin"
		p:name="full"
		p:localLogin="true"
		p:activeDirectoryLogin="true"
		p:samlLogin="true"
		p:samlLabel="Single Sign-on"
		p:defaultSelected="local" />

The options are:

PropertyDefaultDescription
idNoneA name reflecting the purpose of the form
parentparentLoginDo not change
namedefaultUsed when defining the default form or when selecting
localLoginfalseWhether the form should include local login
samlLoginfalseWhether the form should include SAML / Single Sign-on login
samlLabelSAMLThe label displayed against the SAML Single Sign-on option on the form
autoLoginfalse

Whether the user should be logged in via SAML / Single Sign-on without displaying the form.

This cannot be set in combination with any other xxxLogin option.

activeDirectoryLoginfalseWhether the form should include Active Directory login
defaultSelectednone

The login option that is selected by default when the form opens.

For local, this is 'local'
For SAML / Single Sign-on this is 'saml'
For Active Directory this is the active directory domain name

Setting the Default Login Form

  1. Edit the loginConfiguration bean (above).
  2. Set the defaultForm property to the name of the form that you want to be the default.

Starting PhixFlow with a non-default login form

To start PhixFlow with a non-default login form, append ?login=mylogin to the PhixFlow URL, where mylogin is the name of the login form, for example:

https://myserver.com/phixflow?login=full