Configure a custom form login page

The WebSphere Application Server Liberty profile provides the ability to define a custom form login page for users to submit authentication credentials.

We can customize our own custom form login page, but we must implement this page in the required form-based authentication format as specified in the Servlet 3.0 specification. In all forms, the action on the form element must be j_security_check. The action must use the j_username input field to get the user name and the j_password input field to get the user password in forms supporting authentication schemes that require a user name and password. The custom form login page must be provided as an unprotected web resource. We can set this login page at the global server level, which applies to all applications deployed to the server. Alternatively, we can specify the login page for individual applications.

Make sure that any files included in the form-login page (such as external style sheets, or images) are unprotected.

1. Specify the following form elements in the form login page that expects a user name and password.

   <FORM action="j_security_check" method="POST">
     User name: <INPUT type="text" name="j_username"><br>
     Password: <INPUT type="password" name="j_password"><br>
     <INPUT type="submit" name="action" value="Login">
   </FORM>

2. Configure the login form for use by applications on the server. There are two possible configurations to use a form login page in an application that is deployed to the server. We can configure the custom login page for use in a single application, or we can configure the page as a global login form used for all applications deployed to the server.

   1. Configure a login form for a single application. We can configure individual applications to direct users to a specific form login page by configuring the web.xml file that is packaged with the application.

      Path to the login page in the web.xml file that is packaged with the application; for example:

      <login-config>
         <auth-method>FORM/<auth-method>
         <realm-name>MyRealm/<realm-name>
         <form-login-config id="FormLoginConfig_1">
          <form-login-page>/login.jsp/<form-login-page>
          <form-error-page>/loginError.jsp/<form-error-page>
         </form-login-config>
      </login-config>

      To see how to customize and package a form login page, refer to Customizing web application login.

   2. Configure a global login form. We can omit the form login page from the web.xml files packaged with each application and instead, specify in the server.xml configuration that the login form is for global use among applications deployed to the server.

      In server.xml, include a webAppSecurity element with the loginFormURL attribute specified with a value of the path of the login form page; for example:

      <webAppSecurity loginFormURL="myGlobalFormLogin/myLogin.jsp" />

      Ensure that the form login page is packaged as a web application archive (WAR) file deployed to the server.

      If the form-login-page element within an application's web.xml file does not exist, use the global login page specified in the server configuration.

3. Optional. a href="twlp_config_custom_login_openid.html" >Configure a custom form login page for OpenID.

4. Optional. Configure a custom form login page for OAuth.

Subtopics

• Configure a custom form login page for OpenID
  Login pages for the WebSphere Application Server Liberty profile must have a certain configuration in order to support OpenID Authentication.

• Configure a custom form login page for OAuth
  We can configure custom form login pages for specific OAuth service providers.

Parent topic: Authenticate users

Concepts:

OpenID

OAuth

Customize an OAuth provider

Tasks:

Configure a custom form login page for OpenID

Configure a custom form login page for OAuth

Configure an OpenID Relying Party