External identity page

Key point: Review the Single Sign-On configuration.

You can review the configuration of external identity providers that PageSeeder accepts to enable Single Sign-On (SSO).

For security reasons, this page doesn’t let you make any changes. External identity providers are defined in the webapp/WEB-INF/config/identity-config.xml configuration file, which can only be edited directly on the file system.

  • The root element in this file is <identity-config>; its child elements are described in the following sections.
  • It may have a default-authentication attribute (default internal) with allowed values: none, internal, external, any. This is the authentication applied to domains that are not listed.
  • It may have a default-provider attribute containing the id of an identity provider.

Click Reload to reload the external identity configuration if it is modified.

External portal

If your configuration defines an external portal for SSO, it is displayed here.

<portal title="SSO Example" href="https://sso.example.org/" />

Identity providers

This section lists the external identity providers that can be used to sign in to PageSeeder.

The title and description are used for documentation only.

The authority URL and client ID are used by PageSeeder to verify the identity of users and must exactly match the details given by your external identity provider during registration.

<provider id="google"
          title="Google"
          description="Google personal and weborganic.com"
          authority-url="https://accounts.google.com"
          client-id="{id}.apps.googleusercontent.com" />
<provider id="ms"
          title="Microsoft"
          description="Microsoft personal account"
          authority-url="https://login.microsoftonline.com/{tenant-id}/"
          client-id="{application-id}" />

Email domains

By default, users can only sign in using the PageSeeder sign-in form. You can specify which users can use an external identity provider by email domain.

If you add a domain to the external identity configuration, user accounts that have an email address from that domain are then able to sign in using an external identity provider or PageSeeder.

<domain name="example.org" />
<domain name="*.example.net"        authentication="any" />
<domain name="internal.example.net" authentication="internal"/>
<domain name="external.example.net" authentication="external"/>
<domain name="choice.example.net"   authentication="any"/>
<domain name="evil.example.net"     authentication="none"/>

The authentication attribute (default any) allows user accounts that have an email address from that domain to sign in using an external identity provider only, an internal PageSeeder account only, any of these or none of these.

A domain may also have a providers attribute which is a list of external provider id values separated by spaces and restricts users to using these providers, for example:

<domain name="mail.example.net"  providers="ms google"/>
<domain name="gmail.example.net" providers="google"/>
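Because the file is edited by hand and this page is read-only, a typo in a provider id or an authentication value is easy to miss. The following is an added example, not PageSeeder code: a small Python audit that checks a copy of identity-config.xml against the rules stated above. Assumptions: the function name audit_identity_config and the sample file are constructed, <provider> and <domain> elements are looked up at any depth under the root, and the https and placeholder checks are extra hygiene checks rather than rules from this page.

```python
import xml.etree.ElementTree as ET

ALLOWED = {"none", "internal", "external", "any"}

# Constructed sample with deliberate mistakes (not a real deployment).
SAMPLE = """<identity-config default-authentication="internal" default-provider="okta">
  <provider id="google" title="Google" authority-url="https://accounts.google.com"
            client-id="constructed-id.apps.googleusercontent.com" />
  <provider id="ms" title="Microsoft" authority-url="http://login.microsoftonline.com/{tenant-id}/"
            client-id="{application-id}" />
  <domain name="example.org" />
  <domain name="mail.example.net" providers="ms google" />
  <domain name="gmail.example.net" providers="gogle" />
  <domain name="evil.example.net" authentication="deny" />
</identity-config>"""


def audit_identity_config(xml_text):
    """Return a list of human-readable findings for an identity-config document."""
    root = ET.fromstring(xml_text)
    findings, providers = [], set()
    for p in root.iter("provider"):
        pid = p.get("id", "")
        providers.add(pid)
        url = p.get("authority-url", "")
        if not url.startswith("https://"):
            findings.append(f"provider '{pid}': authority-url is not https")
        if "{" in url + p.get("client-id", ""):
            findings.append(f"provider '{pid}': placeholder left in authority-url or client-id")
    # default-authentication defaults to "internal" when the attribute is absent.
    default_auth = root.get("default-authentication", "internal")
    if default_auth not in ALLOWED:
        findings.append(f"default-authentication '{default_auth}' is not an allowed value")
    default_provider = root.get("default-provider")
    if default_provider is not None and default_provider not in providers:
        findings.append(f"default-provider '{default_provider}' is not a defined provider")
    for d in root.iter("domain"):
        name = d.get("name", "?")
        auth = d.get("authentication", "any")  # per-domain default is "any"
        if auth not in ALLOWED:
            findings.append(f"domain '{name}': authentication '{auth}' is not an allowed value")
        for pid in d.get("providers", "").split():
            if pid not in providers:
                findings.append(f"domain '{name}': unknown provider '{pid}'")
    return findings


if __name__ == "__main__":
    for finding in audit_identity_config(SAMPLE):
        print(finding)
```

Run it against a copy of the file before clicking Reload, so that a mistyped provider id or authentication value is caught before the configuration takes effect.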

How to find this page

Administration menu > System administration > System configuration > External identity