Show Table of Contents
13.7.6. Configure Dynamic Account Chooser at a Service Provider
Prerequisites:
If a Service Provider (SP) is configured with multiple Identity Providers (IDPs), PicketLink can be configured to prompt the user to choose which IDP to use to authenticate their credentials.
Procedure 13.4. Configure Dynamic Account Chooser at a Service Provider
- Configure the account chooser valve in
jboss-web.xmlin theWEB-INFdirectory of your SP web application.Example 13.16.
jboss-web.xmlFile Configuration for SP Account Chooser<jboss-web> <security-domain>sp</security-domain> <context-root>accountchooser</context-root> <valve> <class-name>org.picketlink.identity.federation.bindings.tomcat.sp.AccountChooserValve</class-name> </valve> <valve> <class-name>org.picketlink.identity.federation.bindings.tomcat.sp.ServiceProviderAuthenticator</class-name> </valve> </jboss-web>AccountChooserValvehas the following configurable options:- DomainName
- The domain name to be used for the cookie that is sent to the user's browser.
- CookieExpiry
- The cookie expiry in seconds. Default is
-1, which means the cookie expires when the browser is closed. - AccountIDPMapProvider
- The fully-qualified name of the implementation for IDP Mapping. Default is a properties file
idpmap.propertiesin theWEB-INFdirectory of your SP web application. This implementation must implementorg.picketlink.identity.federation.bindings.tomcat.sp.AbstractAccountChooserValve.AccountIDPMapProvider. - AccountChooserPage
- The name of the HTML/JSP page for listing the different IDP accounts. Default is
/accountChooser.html.
- Define the mapping for the IDPs. By default, this is a properties file
idpmap.propertiesin theWEB-INFdirectory of your SP web application.Example 13.17.
idpmap.propertiesConfigurationDomainA=http://localhost:8080/idp1/ DomainB=http://localhost:8080/idp2/
- Create a HTML page in your SP web application for the user to choose the IDP. By default, this file is
accountChooser.html. The URL to each of IDP must have the parameteridpthat specifies the name of the IDP listed inidpmap.properties.Example 13.18.
accountChooser.htmlConfiguration<html> ... <a href="?idp=DomainA">DomainA</a> <hr/> <a href="?idp=DomainB">DomainB</a> ... </html>
Where did the comment section go?
Red Hat's documentation publication system recently went through an upgrade to enable speedier, more mobile-friendly content. We decided to re-evaluate our commenting platform to ensure that it meets your expectations and serves as an optimal feedback mechanism. During this redesign, we invite your input on providing feedback on Red Hat documentation via the discussion platform.