External links on login page

This section deals with adding extra links to the OpenIAM login and error pages as well as creating a custom link to create an access request.

How to add extra links to the login page

To add extra links to the OpenIAM login page, follow these steps:

  1. Extend and specify extra links in /selfservice/CustomErrorPageDisplayHandler.groovy.
package selfservice
import org.openiam.ui.model.Hyperlink
import org.openiam.ui.login.DefaultLoginPageDisplayHandler
class CustomLoginPageDisplayHandler extends DefaultLoginPageDisplayHandler {
public CustomLoginPageDisplayHandler() {
}
@Override
public List<Hyperlink> getAdditionalHyperlinks() {
return [
new Hyperlink(text: "Login using SSO", href: "your_custom_link"),
new Hyperlink(text: "Verify via ...", href: "your_custom_link")
] as List
}
}
  1. Set the path to the Groovy script in OpenIAM system configurations. To do this, go to web console > Administration > System Configurations > UI tab > Extra Links on Login Page Groovy Handler property.

    Groovy handler property

Another possible option here may be displaying specific custom links for different content providers on the login page. An example Groovy script to do this is given below.

package selfservice
import org.openiam.ui.model.Hyperlink
import org.openiam.ui.login.DefaultLoginPageDisplayHandler
class CustomLoginPageDisplayHandler extends DefaultLoginPageDisplayHandler {
public CustomLoginPageDisplayHandler() {}
@Override
public List<Hyperlink> getAdditionalHyperlinks() {
def hyperlinks = [] as List
def contentProviderId = request.getHeader("x-openiam-cp-id")
switch (contentProviderId) {
case "": // content provider ID 1 here
hyperlinks.add(new Hyperlink(text: "", href: ""))
break
case "": // content provider ID 2 here
hyperlinks.addAll(Arrays.asList(
new Hyperlink(text: "", href: ""),
new Hyperlink(text: "", href: "") // in case you need more than one link
))
break
// add more 'cases' if needed
// case "cp-id-here":
// hyperlinks.add(new Hyperlink(text: "text_here", href: "link_here"))
// break
}
return hyperlinks
}
}

Note: You can get the content provider ID by going to webconsole > Access Control > Content Providers > find the content provider required > Click Edit Procider on the left menu. Now you can see the provider ID in the browser URL.

How to add extra links to error page

In order to add extra links to the OpenIAM error pages do the following.

  • Extend and specify extra links in /selfservice/CustomErrorPageDisplayHandler.groovy
  • Set path to the groovy script in OpenIAM system configurations. To do it go to webconsole > Administration > System Configurations > UI tab > Extra links on error pages groovy handler property.

Groovy handler property

The example groovy script of the system configuration property is given below.

package selfservice
import org.openiam.ui.model.Hyperlink
import org.openiam.ui.web.mvc.error.handler.DefaultErrorPageDisplayHandler
class CustomErrorPageDisplayHandler extends DefaultErrorPageDisplayHandler {
public CustomErrorPageDisplayHandler() {
}
@Override
public List<Hyperlink> getAdditionalHyperlinks() {
return [
new Hyperlink(text: "Request access", href: "your_custom_link"),
new Hyperlink(text: "Go back to …", href: "your_custom_link")
] as List
}
}

How to build custom link to create access request

In order to build a custom link to create access request w/o navigating over the catalog you can use custom extra links.

Usually they can be useful in case user is trying to access a page without having an appropriate access to it. In this case user can build and add extra link to request specific access based on the error and page/resource user is trying to access. To the 401 error page, for example.

See How to add extra links to error page section above for configuration example.

Here is an example groovy script that adds roles into access request based on authentication provider user is trying to access.

package selfservice
import org.apache.commons.collections.CollectionUtils
import org.openiam.am.srvc.dto.AuthProvider
import org.openiam.base.response.list.ResourceListResponse
import org.openiam.idm.searchbeans.ResourceSearchBean
import org.openiam.idm.srvc.entitlements.EntitlementsCollection
import org.openiam.srvc.am.AuthProviderWebService
import org.openiam.srvc.am.ResourceDataService
import org.openiam.ui.model.Hyperlink
import org.openiam.ui.web.mvc.error.handler.DefaultErrorPageDisplayHandler
import java.util.stream.Collectors
class CustomErrorPageDisplayHandler extends DefaultErrorPageDisplayHandler {
final String REST_API_URL = "https://your_address/selfservice/?frameURL=/selfservice/createRequest?id="
@Override
public List<Hyperlink> getAdditionalHyperlinks() {
final AuthProviderWebService authProviderWebService = context.getBean(AuthProviderWebService.class)
final ResourceDataService resourceDataService = context.getBean(ResourceDataService.class)
if (!authProviderId) {
def split = request.getRequestURI().split("/")
if (split)
authProviderId = split[split.length - 1]
}
final AuthProvider provider = authProviderWebService.getAuthProvider(authProviderId)
if (provider) {
final ResourceSearchBean rsb = new ResourceSearchBean()
rsb.addKey(provider.getResource()?.getId())
final ResourceListResponse resourceListResponse = resourceDataService.findBeans(rsb, EntitlementsCollection.ROLES as EntitlementsCollection[], 0, 1)
if (resourceListResponse
&& CollectionUtils.isNotEmpty(resourceListResponse.getList())
&& resourceListResponse.getList().first().getRoles()) {
final String roleIdsStr = resourceListResponse.getList().first().getRoles().stream().
map({ it -> it.getEntityId() }).collect(Collectors.toSet()).join(",");
def extraLinks = new Hyperlink(href: REST_API_URL + userId + "%26roleIds=" + roleIdsStr + ",", text: 'or click here to create access request...')
return [extraLinks] as List
}
}
return [] as List
}
}

Notes:

  • User can use the following variables from DefaultErrorPageDisplayHandler class:
Variable typeVariable Name
StringuserId;
StringauthProviderId;
Errorserror;
StringerrorCode;
HttpServletRequestrequest;
  • You can use the following link to call create request API: https://your_address/selfservice/?frameURL=/selfservice/createRequest

  • In order to create access request to specific roles and/or groups user can use the following request parameters:

ParemeterDescription
idtarget user ID, string, required = true.
roleIdsrole IDs, comma-separated string, required = false.
groupIdsgroup IDs, comma-separated string, required = false.