# Login screen: Default and chosen provider

You have three options to display an authentication provider on your login screen:

  1. Let users choose from more than one possible authentication providers (Microsoft Active Directory, Domino, eDirectory ...).
  2. Provide and display a default Authentication Provider.
  3. Predefine a chosen Authentication Provider to let the frontend automatically call the provider. Especially when working with SSO, no user action is necessary.


Login screen with an active SAML provider and five further providers to choose from.

To display a provider in your login GUI, call URL {server_url}?connectorName={connectorName}. The connector {connectorName} will be the active connector in your login GUI.

To configure a default or chosen provider, use admin snap-in Authentication/Authentication provider in the administration area. All changes made here will be stored in an XML file in your folder custom/global/authentication_provider/authentication_provider.xml.

# Default Username/password authentication provider

A default provider simplifies the login for users: The default login screen can be used for both logging in with a 4ALLPORTAL user or a provider, e.g. an LDAP provider. This can also be hidden in the login GUI if necessary.
Use snap-in field Default Username/password authentication provider to set a default provider.

The default provider is active after a reload. If a login is tried with a UsernamePassword authentication provider and no connectorName or connectorName = default is set, first a 4ALLPORTAL login is tried, followed by a login with the default provider.

# Default provider as a workaround

When logging in with an authentication provider from type UsernamePassword via the GUI, you can usually set connectorName to choose the provider. The frontend passes the connectorName to the backend.
If in some cases this is not possible (e.g. the PowerPoint-Plugin cannot do this). In order for the login to work for such a provider, the default username/password provider can be set.

# Chosen provider for frontend

Sometimes it is necessary for the frontend to directly try to login to a provider without any user interaction. For this, you can set a chosen provider in snap-in field Default provider for frontend.

After reload the chosen provider is active.

Provider types

Authentication providers can be divided into different types. They are defined in enum ProviderType:

  • USERNAME_PASSWORD
    These providers need a Username and a Password for login
  • REDIRECT
    To login with these providers a redirect to a targetUrl has to be processed. After a successful login a session is created, and the frontend can access the session with getSessionAttributes.
  • LOAD_TOKEN
    To login with these providers a targetUrl has to be processed. After a successful login the response body contains a token. The frontend needs to send this token with the login methode.

Installing of the Authentication Base