OIDC Custom Login Behavior
When using the OpenID Connect (OIDC) protocol for logging in, the process can be customized as illustrated in the following sections.
Auto-Redirect Option
You can completely hide the FNZ Studio login page and automatically redirect the login process to an Identity Provider (IDP). This feature provides a seamless login experience with IDP-initiated single sign-on.
To enable this option, configure FNZ Studio to auto-redirect users from its login page to the IDP's sign-in page by setting the property nm.login.openidconnect.autoredirect = true.
The redirect will take the user to the first IDP in the list. If multiple IDPs are defined, only the first one is used, and the default flag on the IDP is ignored.
Query Parameters
The FNZ Studio login page provides flexibility in its behavior based on some login page URL parameters:
studio_idp_hint: Unauthenticated requests with the studio_idp_hint parameter trigger automatic redirection to the OpenID provider specified in the parameter. If the parameter does not match any predefined provider names, the FNZ Studio login page is displayed. Example: <base_url>/admin?studio_idp_hint=Azure
followup_url: Requests to the j_security_check endpoint may include the followup_url query string parameter. If present, the value must be a URL path relative to the web application's base (root). Upon successful authentication, users are redirected to this specified URL. If the parameter is absent or contains an invalid value, users are redirected to the original request URL. If the original request URL is also unavailable, redirection occurs to the root URL of the web application.
error_followup_url: An absolute URL that must correspond to one of the patterns specified in the errorFollowUpURLValidPatterns configuration of the OP descriptor; otherwise, it is ignored. If the error_followup_url parameter is present and the authentication fails, the user is redirected to this URL. The URL has the following query parameters appended:
  studio_idp_hint: Name of the IdP used to authenticate
  error_code: Error code received from the IdP
  error_description: Details on the authentication problem
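The redirect rules for followup_url and error_followup_url described above can be modelled as follows. This is an added illustration, not FNZ Studio code: the function names, the sample pattern, the treatment of errorFollowUpURLValidPatterns entries as full-match regular expressions, and the exact checks for an "invalid value" are assumptions.

```python
import re
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Constructed sample value; the pattern syntax (full-match regex) is an assumption.
VALID_PATTERNS = [r"https://portal\.example\.com/login-error(\?.*)?"]


def is_app_relative(value):
    """Assumed validity rule: a path under the application root, nothing else."""
    if not value or "\\" in value or any(ord(c) < 0x20 for c in value):
        return False
    if not value.startswith("/") or value.startswith("//"):
        return False  # "//host/..." is scheme-relative and leaves the origin
    parts = urlsplit(value)
    return not parts.scheme and not parts.netloc


def success_target(followup_url, original_url):
    """followup_url if valid, else the original request URL, else the root."""
    if is_app_relative(followup_url):
        return followup_url
    return original_url or "/"


def failure_target(error_followup_url, patterns, idp, error_code, description):
    """Return the redirect URL for a failed login, or None if the parameter is ignored."""
    if not error_followup_url:
        return None
    parts = urlsplit(error_followup_url)
    if parts.scheme not in ("http", "https") or not parts.netloc:
        return None  # not an absolute web URL (scheme restriction is an assumption)
    if not any(re.fullmatch(p, error_followup_url) for p in patterns):
        return None  # no allow-list pattern matches: ignore the parameter
    query = parse_qsl(parts.query, keep_blank_values=True) + [
        ("studio_idp_hint", idp),
        ("error_code", error_code),
        ("error_description", description),
    ]
    return urlunsplit(parts._replace(query=urlencode(query)))


if __name__ == "__main__":
    print(success_target("//other.example/x", "/admin"))
    print(failure_target("https://portal.example.com/login-error", VALID_PATTERNS,
                         "Azure", "access_denied", "User cancelled the sign-in"))
```

Anchoring each pattern to the full URL, host included, keeps a look-alike host such as portal.example.com.other.example from matching.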