Custom Form Login SSO how-to


One of the most important capabilities of IAG is single sign-on (SSO), which lets connecting users access internal applications without re-typing their username and password. IAG contains multiple SSO mechanisms, but on some occasions you may need to create a custom one. The process of creating a custom login is thoroughly documented in Appendix C of the advanced user guide (page 381), as well as here (http://technet.microsoft.com/en-us/library/dd282925.aspx), but here’s a summary of the procedure that should be easier to follow for simple customizations.

The first step is to gather some details about the application:

1. Application Type. This parameter was selected when the application was initially published on IAG. To find it, look at the list of applications on the portal and check what appears under “application type”.

2. The internal URL of the login page.

3. The name of the username and password fields in the HTML form. For example:

<form id="quick" method="get" action="/dosearch.action">
<fieldset>
<legend>Quick Search</legend>
<input id="quick-search-query" type="text" accessKey="q" autocomplete="off" name="queryString" size="25"/>
<div class="form-block"><p><div class="steplabel" style="width: 150px;"><u>U</u>sername: </div>
<input type="text" name="uname" tabindex="1" accesskey="U" size="30"><br/></p>
<p><div class="steplabel" style="width: 150px;"><u>P</u>assword: </div>
<input type="password" name="pword" tabindex="2" accesskey="P" size="30">
<br/></p>

Using these details, a custom XML file needs to be created, and placed on the server. The syntax of the file is this:

<WHLFILTFORMLOGIN ver="1.0">
  <APPLICATION>
    <APPLICATION_TYPE>TYPE from step 1</APPLICATION_TYPE>
    <USAGE description="form_login">
      <PRIMARY_HOST_URL>URL from Step 2</PRIMARY_HOST_URL>
      <SCRIPT_NAME source="data_definition">WhaleSubmitStandard</SCRIPT_NAME>
      <USER_AGENT>
        <AGENT_TYPE search="group">all_supported</AGENT_TYPE>
        <POLICY>multiplatform</POLICY>
        <SCRIPT_NAME source="data_definition">WhaleHandler</SCRIPT_NAME>
      </USER_AGENT>
      <MULTIPLE_LOGIN>true</MULTIPLE_LOGIN>
      <LOGIN_FORM>
        <NAME>loginform</NAME>
        <METHOD>POST</METHOD>
        <CONTROL handling="dummy_value">
          <TYPE>USER_NAME</TYPE>
          <NAME>Username field name from step 3</NAME>
          <DEF_VALUE>whaleusr</DEF_VALUE>
        </CONTROL>
        <CONTROL handling="dummy_value">
          <TYPE>PASSWORD</TYPE>
          <NAME>Password field name from step 3</NAME>
          <DEF_VALUE>whlpass</DEF_VALUE>
        </CONTROL>
      </LOGIN_FORM>
    </USAGE>
  </APPLICATION>
</WHLFILTFORMLOGIN>

When filling in the URL, keep in mind that IAG uses RegEx to match URLs, so it is generally a good idea to enter a general mask built with RegEx operators. For example, the URL http://crmserver/userenv/login.asp should be entered as .*userenv/login\.asp

In the above example, .* replaces the server name, because “.*” in RegEx means “everything and anything”. The dot before asp is escaped with a backslash, because a bare dot is a RegEx operator that matches any single character.

Another thing to take into account is the Multiple Login parameter. In the above example, I’ve set it to TRUE, which means that the form is submitted any time the user goes to the same page. This covers situations in which a user logs out of the application, goes back to the IAG portal, and then re-launches the application. With the value set to FALSE, the form is not re-submitted. Setting it to TRUE is usually a good idea, but in some cases an application uses the same URL for multiple functions, and then TRUE causes IAG to try to re-submit the page every time.

Once the data has been filled out, save the file under the folder c:\whale-com\e-Gap\von\conf\wizarddefaults\FormLogin and name the file FormLogin.xml. Activate the IAG configuration, checking the option to apply changes made to external configuration files. This is all it takes!
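
Steps 2 and 3 as an added example (not part of the original post and not IAG tooling): it pulls the username and password field names out of a login page and builds the PRIMARY_HOST_URL mask. The function names are hypothetical, Python's re module stands in for IAG's matcher, and the near-miss URL is constructed.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

class FieldFinder(HTMLParser):
    """Finds the first password input and the text input that precedes it."""
    def __init__(self):
        super().__init__()
        self.last_text = self.user = self.password = None

    def handle_starttag(self, tag, attrs):
        if tag != "input" or self.password:
            return
        a = dict(attrs)
        kind = (a.get("type") or "text").lower()
        if kind == "text":
            self.last_text = a.get("name")      # candidate username field
        elif kind == "password":
            self.user, self.password = self.last_text, a.get("name")

def login_fields(html):
    """Step 3: return (username_field, password_field) from the login page."""
    finder = FieldFinder()
    finder.feed(html)
    if not (finder.user and finder.password):
        raise ValueError("no text input followed by a password input")
    return finder.user, finder.password

def url_mask(login_url):
    """Step 2: .* in place of scheme and host, path escaped for RegEx."""
    return ".*" + re.escape(urlsplit(login_url).path.lstrip("/"))

def matches(mask, url):
    # Assumption: whole-string matching; IAG's own anchoring rules are not
    # described in the article.
    return re.fullmatch(mask, url) is not None

# The article's form excerpt, trimmed to its input elements. The search box
# comes first, so "first text input" would pick the wrong field.
SAMPLE_HTML = '''<input id="quick-search-query" type="text" name="queryString" size="25"/>
<input type="text" name="uname" tabindex="1" accesskey="U" size="30"><br/>
<input type="password" name="pword" tabindex="2" accesskey="P" size="30">'''

if __name__ == "__main__":
    print(login_fields(SAMPLE_HTML))
    mask = url_mask("http://crmserver/userenv/login.asp")
    print(mask)
    # Constructed near-miss URL: only the mask with the unescaped dot accepts it.
    for m in (mask, ".*userenv/login.asp"):
        print(m, matches(m, "http://crmserver/userenv/loginXasp"))
```

Because the mask starts with .*, it accepts the same path on any host, so keep the path portion as specific as the application allows.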


Comments (5)

  1. Naladar says:

    Any updates to this with the release of Update 2? Having some trouble configuring this so it passes the credentials through to a Siteminder portal page. Thanks for your contributions to the community btw! 🙂

  2. Nope, still the same says:

    Update 2 does not affect this. It can be challenging to work out, so you are more than welcome to post about this in the public forum, where I, or one of our MVPs, will be glad to help!

    social.technet.microsoft.com/…/forefrontedgeiag

  3. Dennis Glendenning says:

    Instead of replacing the formlogin.xml file with the custom version in C:\whale-com\e-Gap\von\conf\wizarddefaults\FormLogin, you meant that we should place it in a CustomUpdate folder, right? As in:

    C:\whale-com\e-Gap\von\conf\wizarddefaults\FormLogin\CustomUpdate

  4. Ben says:

    Response to Dennis – you are correct. I will amend the text ASAP. Thanks for pointing this out!
