Configuring IDP Select Class

Access Manager helps your service provider in selecting the identity provider for authenticating a user. You can accomplish this by configuring the Introductions class. This configuration enables users to select an identity provider from a list of available identity providers. However, when a common domain is not available, the Introductions class might not authenticate. In such cases, you can configure the IDP Select Class. When this class is configured, a user can authenticate by using an identity provider contract from a list of identity providers and save this selection. To save this selection, select the Remember Me option. Next time onwards, when the user logs in, the user is automatically redirected to the specific identity provider for authentication. The contract selection is stored in the browser cookie until the cookie expires or someone clears the cookie.

IMPORTANT:The Remember Me option does not work when running the application in the incognito or private mode.

Perform the following steps to configure IDP Select Class:

  1. Click Devices > Identity Servers > Edit > Local > Classes.

  2. Click New, then specify the following details:

    Display name: Specify a name for the class.

    Java class: Select IDP Select Class.

  3. Click Next.

  4. (Optional) Click New to add properties.

    Property Name: Specify COOKIE_NAME.

    Property Value: Specify a cookie name. If you do not specify any value, a cookie name _idp_select_ is created by default.

  5. Click OK.

  6. (Optional) Click New to add another property.

    Property Name: Specify COOKIE_EXPIRY_TIME_IN_DAYS.

    Property Value: Specify a numerical value. This property will decide the cookie lifetime. Default value is 365 days.

  7. Click OK > Finish.

  8. Continue with creating a method for this class. For configuration information, see Section 5.1.3, Configuring Authentication Methods.

    IMPORTANT:Do not select the Identifies User option.

  9. Create a contract for this class. For configuration information, see Section 5.1.4, Configuring Authentication Contracts.

  10. After the contract is configured, it appears in the list of contracts on the login page.

    IMPORTANT:Do not assign this contract as the default identity provider contract.