Configuring a custom form login page

Liberty provides the ability to define a custom form login page for users to submit authentication credentials.

About this task

You can customize your own custom form login page, but you must implement this page in the required form-based authentication format as specified in the Servlet 3.0 specification. In all forms, the action on the form element must be j_security_check. The action must use the j_username input field to get the user name and the j_password input field to get the user password in forms supporting authentication schemes that require a user name and password. The custom form login page must be provided as an unprotected web resource. You can set this login page at the global server level, which applies to all applications deployed to the server. Alternatively, you can specify the login page for individual applications.

Note: Make sure that any files included in your form-login page (such as external style sheets, or images) are unprotected.

Procedure

  1. Specify the following form elements in the form login page that expects a user name and password. 
    <FORM action="j_security_check" method="POST">
  User name: <INPUT type="text" name="j_username"><br>
  Password: <INPUT type="password" name="j_password"><br>
  <INPUT type="submit" name="action" value="Login">
</FORM>
  2. Configure the login form for use by applications on the server.

    Two possible configurations exist for a form login page in an application that is deployed to the server. You can configure the custom login page for use in a single application, or you can configure the page as a global login form that is used for all applications that are deployed to the server.

    1. Configure a login form for a single application.
      You can configure individual applications to direct users to a specific form login page by configuring the web.xml file that is packaged with the application.

      Specify the path to the login page in the web.xml file that is packaged with the application; for example:

      <login-config>
   <auth-method>FORM</auth-method>
   <realm-name>MyRealm</realm-name>
   <form-login-config id="FormLoginConfig_1">
      <form-login-page>login.jsp</form-login-page>
      <form-error-page>loginError.jsp</form-error-page>
   </form-login-config>
</login-config>

      To see how to customize and package a form login page, refer to Customizing web application login.

    2. Configure a global login form and an error page that includes the root context.
      Both pages must be part of a WAR file. If a form login application does not specify the form login and the error page in the web.xml file, the following global settings are used:
      <webAppSecurity loginFormURL="myGlobalFormLogin/myLogin.jsp" loginErrorURL="myGlobalErrorPage/myError.jsp"/>
  3. Optional: Configure a custom form login page for OpenID.
  4. Optional: Configure a custom form login page for OAuth.