If you have already configured identity provider (IdP) connections or IdP adapters to connect with third-party identity providers, you can enhance the HTML Form Adapter sign-on page with the option to authenticate with these providers.
Consider the following setup, which you have already configured:
- An HTML Form Adapter instance to validate local user credentials.
- An authentication policy contract.
- An IdP authentication policy that chains the HTML Form Adapter instance and an authentication policy contract so that the policy contract can harness attribute values returned by the HTML Form Adapter instance for multiple browser-based single sign-on (SSO) use cases via service provider (SP) connections, OAuth authorization code flow, and OAuth implicit flow. The following window capture illustrates your existing policy.
- IdP connections or IdP adapter instances configured to connect with your third-party identity providers
- An authentication policy contract
- A local identity profile
- An HTML Form Adapter instance
- An IdP authentication policy
You need to enhance the sign-on experience by giving users the option to authenticate using their existing accounts at ACME, a major social network. It happens that you have already established an IdP connection to this social network.
Configuration steps:
You have now successfully added the option to authenticate via ACME without enabling registration. When users sign on through this HTML Form Adapter instance, the following sign-on page is presented.
If you have added Facebook, Google, LinkedIn, and Twitter as the authentication sources, the following sign-on page is presented.
Users can sign on using their local accounts or third-party identity provider accounts.