Twitter

It is possible to authenticate users into a federation using their Twitter account. Before setting up the Twitter authentication connection in Safewhere*Identify, we must register Safewhere*Identify as an application with Twitter. The link to do this is:

https://dev.twitter.com/apps

After signing up as a Twitter developer, register your Safewhere*Identify installation using the “Create new app” button.

A create application form will be shown. After the application is saved successfully, the saved application's form is shown.

Enter the following required information:

  • Callback URIs: Use the format https://[Identify site URL]/runtime/twitter/consume.idp, which points to your Safewhere*Identify installation.

Once registered, you will be given several important pieces of information that you will use to set up the Twitter connection in Safewhere*Identify. These are:

  • Consumer key: The unique key that Twitter assigns to your app.
  • Consumer secret: A secret code that is used to ensure that your installation of Safewhere*Identify is the only one that can use the Twitter authentication app setup.

Now that you have Safewhere*Identify registered with Twitter you can continue to set up the Twitter authentication connection in Safewhere*Identify. The settings to use are:

  • Twitter OAuth request token endpoint: Should always be set to https://api.twitter.com/oauth/request_token unless Twitter changes their API.
  • Twitter OAuth dialog endpoint: Should always be set to https://api.twitter.com/oauth/authenticate unless Twitter changes their API.
  • Twitter OAuth dialog for mobile endpoint: Should always be set to https://api.twitter.com/oauth/authenticate unless Twitter changes their API.
  • Twitter OAuth access token endpoint: Should always be set to https://api.twitter.com/oauth/access_token unless Twitter changes their API.
  • Twitter OAuth user information endpoint: Should always be set to https://api.twitter.com/oauth/access_token unless Twitter changes their API.
  • Client id (App id): The App ID automatically generated by Twitter.
  • Consumer secret code: The secret code automatically generated by Twitter.

Besides the Twitter-specific configuration settings, there is a range of fields that help you set up a two-factor authentication process, if desired. Each of these is explained below.

  • Second factor authentication connection: If you want this Twitter Authentication Connection to have a second factor, you must choose this second factor among the different Authentication Connections that have been set up in the system. This includes all the One Time Password Connections.
  • Two factor identities condition: When using two different Authentication Connections together (which is basically what you are doing when setting up two-factor authentication), the two may try to identify the incoming user based on two different identity bearing claims. This dropdown is activated when the user has chosen that the connection will have a second factor. Options in the dropdown are:
    • Use the first identity: System will disregard the “Identity bearing claim” value of the second factor and just focus on identifying the user based on the first one.
    • Two identities must be the same: The user will not be allowed to log in unless the identity of the user for the first factor is identical to that of the second factor.
  • Enabled for mobile use: Should be checked if you also want to allow mobile users to authenticate using this connection.
  • Perform log out at SLO: Should be checked if you also want the account to be logged out of Twitter.
  • IP-based filter for Home Realm Discovery: Specifies IP addresses of RPs for the filter. An IP address consists of 4 sections of numbers between 1 and 255. The 4 sections of numbers are separated by a dot. An IP range consists of two IP addresses separated by a dash. You can enter multiple IP addresses or IP ranges by separating them with semicolons. E.g.: 192.168.1.1;192.168.1.2;192.168.0.0-192.168.1.255.
  • Supports automatic selection of authentication connection: Check it to enable the Auto HRD mechanism for this authentication connection.
  • Authentication status checker path: Path to the checker script that is called to process the Auto HRD mechanism.
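
The IP-based filter format described above can be checked before it is entered into the connection settings. The following Python sketch is an added example, not Safewhere code: it parses a filter string, rejects malformed or reversed entries, tests whether an address is admitted, and reports how many addresses the filter covers. The function names are hypothetical, standard IPv4 dotted quads are assumed (the page's own example contains 0 octets), and how Safewhere*Identify itself evaluates the filter is not stated on this page.

```python
import ipaddress

def parse_ip_filter(value):
    """Parse 'a;b;c-d' into (low, high) IPv4Address pairs; ValueError if malformed."""
    ranges = []
    for raw in value.split(";"):
        entry = raw.strip()
        if not entry:
            continue  # tolerate a trailing semicolon or stray whitespace
        parts = [p.strip() for p in entry.split("-")]
        if len(parts) > 2:
            raise ValueError(f"too many dashes in entry: {entry!r}")
        try:
            low = ipaddress.IPv4Address(parts[0])
            high = ipaddress.IPv4Address(parts[-1])  # same as low for a single address
        except ipaddress.AddressValueError as exc:
            raise ValueError(f"bad address in entry {entry!r}: {exc}") from None
        if low > high:
            raise ValueError(f"range start is above range end: {entry!r}")
        ranges.append((low, high))
    if not ranges:
        raise ValueError("filter contains no addresses")
    return ranges

def filter_matches(value, client_ip):
    """Return True if client_ip falls in any address or range of the filter."""
    ip = ipaddress.IPv4Address(client_ip)
    return any(low <= ip <= high for low, high in parse_ip_filter(value))

def covered_addresses(value):
    """Count distinct addresses the filter admits (overlapping entries counted once)."""
    total, last = 0, -1
    for low, high in sorted((int(lo), int(hi)) for lo, hi in parse_ip_filter(value)):
        start = max(low, last + 1)  # skip the part already counted
        if high >= start:
            total += high - start + 1
            last = high
    return total

# Filter string taken from the page's own example.
PAGE_EXAMPLE = "192.168.1.1;192.168.1.2;192.168.0.0-192.168.1.255"

if __name__ == "__main__":
    print(covered_addresses(PAGE_EXAMPLE))
    print(filter_matches(PAGE_EXAMPLE, "192.168.2.1"))
```

Comparing the covered address count with the number of hosts you intended to list shows when a range is wider than expected or when single entries are already contained in a range.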

The following is the list of claims that Safewhere*Identify can expect Twitter to return.

http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name

To see how the authentication page looks to the users, please click here.