Authentication & authorization
17.3.1.1. Authentication & Authorization UI

The plugin Authentication & Authorization UIs defines the UIs for one or more authentication flows.

Prerequisite

The authentication flows, i.e. the REST services, are configured in Loginapp >> REST API Configuration >> Authentication API Settings.

The UI for each flow is configured as follows. Please also refer to the documentation in the Config Editor - it may contain additional information, especially for properties not listed here. 

Property
Description
Target Application ID
References the target application, i.e. REST service configuration, that the UI configuration refers to.
Usually, this is the only property required. The UI is automatically inferred from the referenced authentication flow and its steps.
Tipps:
  • Make sure there is a UI configuration for the default target application.
  • Make sure there is a UI configuration for each authentication flow you intend to use the Loginapp REST UI  for.
  • If no UI is configured for an authentication flow, a "not found (404)" page is shown.
Customized Step UIs
Used to configure UIs for custom authentication steps or to customize the build-in UIs for built-in steps.
Examples Custom configuration for "Password Authentication User Interface" in order to add a custom self-registration link and/or a "forgot password" link on the login page.

URLs for Login Web UI

The login UI is reached using the following URLs:

URL
Description
<loginapp-uri>/ui/app/auth
Starts the default authentication flow.
<loginapp-uri>/ui/app/auth/application/access/<ID>
Starts the flow with the specified flow ID.
<loginapp-uri>/ui/app/auth/application/access?Location=https%3A%2F%2Fwww.myapp.example.com
The UI looks up the flow ID using the "Application Selector"s configured in the target application configuration and then starts the flow for the (first) matching "Location" URL.

Example:

128663867.png

The /check-login entry point of the JSP-Loginapp also works with the Loginapp REST UI if (and only if) the JSP-Loginapp is not configured (no Loginapp >> Authentication Settings present in the configuration).

Make sure to enable Loginapp >> Miscellaneous Settings >> Keep Location Parameter: the setting ensures that a target application URL passed to /check-login as Location parameter is preserved for the Loginapp REST UI.

Note that this option does not work correctly due to a bug in IAM versions up to (including) IAM 7.4.2.