Customizing an authentication login form for single sign-on

Customize an authentication login form by adding parameters to a WebSphere® or WebSEAL point of contact server profile.

When a user requests access to a single sign-on federation, the identity provider initiates single sign-on by authenticating the user. To authenticate the user, the identity provider uses a point of contact server to display a forms-based login page.

When an identity provider participates in multiple federations or hosts multiple partners in one federation, the administrator can customize the default login form.

As administrator, you can customize:

• The login page based on the contents of the requests sent by the service providers.
• The look and feel of the login form.
• The type of authentication required.
• The login pages for WebSEAL and WebSphere point of contact servers.

To customize the login page, use the Tivoli® Federated Identity Manager administration console to configure a new point of contact server profile. In the new profile, add a parameter to the authentication callback, and specify one or more values for the parameter.

Tivoli Federated Identity Manager provides some parameters which are always available and consistent across all federation types and some which are specific to the type of federation.

The protocols which support protocol-specific parameters are:

• SAML 1.x
• SAML 2
• OpenID

The set of defined values are described in Supported macros for customizing an authentication login form.

Task overview:

1. Review the supported values for your protocol type, and identify the ones you want to use. See Supported macros for customizing an authentication login form.
2. Create a new point of contact server profile. See Configuring a point of contact server to support customization of login pages.