Search
SupportConsoleDevelopersStart a trialContact

15.7.6. Configure Dynamic Account Chooser at a Service Provider

download PDF

Prerequisites:

If a Service Provider (SP) is configured with multiple Identity Providers (IDPs), PicketLink can be configured to prompt the user to choose which IDP to use to authenticate their credentials.

Procedure 15.4. Configure Dynamic Account Chooser at a Service Provider

  1. Configure the account chooser valve in jboss-web.xml in the WEB-INF directory of your SP web application.

    Example 15.16. jboss-web.xml File Configuration for SP Account Chooser

    <jboss-web>
  <security-domain>sp</security-domain>
  <context-root>accountchooser</context-root>
  <valve>
    <class-name>org.picketlink.identity.federation.bindings.tomcat.sp.AccountChooserValve</class-name>
  </valve>
  <valve>
    <class-name>org.picketlink.identity.federation.bindings.tomcat.sp.ServiceProviderAuthenticator</class-name>
  </valve>
</jboss-web>
    AccountChooserValve has the following configurable options:
    DomainName
    The domain name to be used for the cookie that is sent to the user's browser.
    CookieExpiry
    The cookie expiry in seconds. Default is -1, which means the cookie expires when the browser is closed.
    AccountIDPMapProvider
    The fully-qualified name of the implementation for IDP Mapping. Default is a properties file idpmap.properties in the WEB-INF directory of your SP web application. This implementation must implement org.picketlink.identity.federation.bindings.tomcat.sp.AbstractAccountChooserValve.AccountIDPMapProvider.
    AccountChooserPage
    The name of the HTML/JSP page for listing the different IDP accounts. Default is /accountChooser.html.
  2. Define the mapping for the IDPs. By default, this is a properties file idpmap.properties in the WEB-INF directory of your SP web application.

    Example 15.17. idpmap.properties Configuration

    DomainA=http://localhost:8080/idp1/
DomainB=http://localhost:8080/idp2/
  3. Create a HTML page in your SP web application for the user to choose the IDP. By default, this file is accountChooser.html. The URL to each of IDP must have the parameter idp that specifies the name of the IDP listed in idpmap.properties.

    Example 15.18. accountChooser.html Configuration

    <html>
  ...
  <a href="?idp=DomainA">DomainA</a>
  <hr/>
  <a href="?idp=DomainB">DomainB</a>
  ...
</html>
Report a bug
Red Hat logoGithubRedditYoutubeTwitter

Learn

Try, buy, & sell

Communities

About Red Hat Documentation

We help Red Hat users innovate and achieve their goals with our products and services with content they can trust.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. For more details, see the Red Hat Blog.

About Red Hat

We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.

© 2024 Red Hat, Inc.