Users can be authenticated into a federation with their Twitter account. Before setting up the Twitter authentication connection in Safewhere*Identify, we must register Safewhere*Identify as an application with Twitter. The link to do this is:
After signing up as a Twitter developer, register your Safewhere*Identify installation using the “Create new app” button.
A create-application form is shown. After the application is saved successfully, the form looks like the one below:
Enter the following required information:
- Callback URIs: Insert a URI in the following format, pointing to your Safewhere*Identify installation: https://[Identify site URL]/runtime/twitter/consume.idp
Once registered, you will be given several important pieces of information that you will use to set up the Twitter connection in Safewhere*Identify. These are:
- Consumer key: The unique key that your app is given with Google.
- Consumer secret: A secret code that will be used to ensure that your installation of Safewhere*Identify is the only one that can use the Google authentication app setup.
- Twitter OAuth request token endpoint: Should always be set to https://api.twitter.com/oauth/request_token unless Twitter changes their API.
- Twitter OAuth dialog endpoint: Should always be set to https://api.twitter.com/oauth/authenticate unless Twitter changes their API.
- Twitter OAuth dialog for mobile endpoint: Should always be set to https://api.twitter.com/oauth/authenticate unless Twitter changes their API.
- Twitter OAuth access token endpoint: Should always be set to https://api.twitter.com/oauth/access_token unless Twitter changes their API.
- Twitter OAuth user information endpoint: Should always be set to https://api.twitter.com/oauth/access_token unless Twitter changes their API.
- Client id (App id): The App ID automatically generated by Twitter.
- Consumer secret code: The secret code automatically generated by Twitter.
Besides the Twitter-specific configuration settings, there is a range of fields that help you set up a two-factor authentication process, if so desired. Each of these is explained below.
- Second factor authentication connection: If you want this Twitter Authentication Connection to have a second factor, you must choose this second factor among the different Authentication Connections that have been set up in the system. This includes all the One Time Password Connections.
- Two factor identities condition: When two different Authentication Connections are used together (which is what happens when you set up two-factor authentication), the two may try to identify the incoming user based on two different identity bearing claims. This dropdown is activated when a user has chosen that the connection will have a second factor. Options in the dropdown are:
  - Use the first identity: System will disregard the “Identity bearing claim” value of the second factor and just focus on identifying the user based on the first one.
  - Two identities must be the same: The user will not be allowed to log in unless the identity of the user for the first factor is identical to that of the second factor.
- Enabled for mobile use: Should be checked if you also want to allow mobile users to authenticate using this connection.
- Perform log out at SLO: Should be checked if you also want to log out your account from Twitter.
- IP-based filter for Home Realm Discovery: Specifies IP addresses of RPs for the filter. An IP address consists of 4 sections of numbers between 1 and 255. The 4 sections of numbers are separated by a dot. An IP range consists of two IP addresses separated by a dash. You can enter multiple IP addresses or IP ranges by separating them with semicolons. E.g.: 192.168.1.1;192.168.1.2;192.168.0.0-192.168.1.255.
- Supports automatic selection of authentication connection: Check this to enable the Auto HRD mechanism for this authentication connection.
- Authentication status checker path: Path to the checker script that is called to process the Auto HRD mechanism.
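A mistyped entry in the IP-based filter for Home Realm Discovery can silently widen or narrow which RPs the connection is offered to, so it is worth checking the value before pasting it into the field. The following is an added example, not part of Safewhere*Identify: the function names, the strict handling of stray semicolons and the `warn_above` threshold are assumptions, and it relies on Python's `ipaddress` module, which accepts octets from 0 to 255.

```python
import ipaddress

# The sample value given in the field description above.
SAMPLE = "192.168.1.1;192.168.1.2;192.168.0.0-192.168.1.255"

def parse_ip_filter(value):
    """Parse 'ip;ip;ip-ip' into a list of (first, last) IPv4Address pairs."""
    ranges = []
    for entry in value.split(";"):
        entry = entry.strip()
        if not entry:
            # Assumption: treat a stray or trailing semicolon as a typo.
            raise ValueError("empty entry (stray semicolon?)")
        first, dash, last = entry.partition("-")
        try:
            lo = ipaddress.IPv4Address(first.strip())
            hi = ipaddress.IPv4Address(last.strip()) if dash else lo
        except ipaddress.AddressValueError as exc:
            raise ValueError(f"bad address in {entry!r}: {exc}") from None
        if lo > hi:
            raise ValueError(f"range {entry!r} is reversed")
        ranges.append((lo, hi))
    return ranges

def matches(ranges, address):
    """True if the address falls inside any single IP or range."""
    ip = ipaddress.IPv4Address(address)
    return any(lo <= ip <= hi for lo, hi in ranges)

def audit(value, warn_above=65536):
    """Return (ranges, warnings); warn on ranges wider than warn_above."""
    ranges = parse_ip_filter(value)
    warnings = []
    for lo, hi in ranges:
        size = int(hi) - int(lo) + 1
        if size > warn_above:
            warnings.append(f"{lo}-{hi} covers {size} addresses")
    return ranges, warnings

if __name__ == "__main__":
    parsed, notes = audit(SAMPLE)
    for lo, hi in parsed:
        print(lo if lo == hi else f"{lo}-{hi}")
    for note in notes:
        print("warning:", note)
```
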
The following is the list of claims that Safewhere*Identify can expect to get returned from Twitter.
To see how the authentication page looks to the users, please click here.