Powered by Algolia

    External links on login page

    This section deals with adding extra links to the OpenIAM login and error pages as well as creating a custom link to create an access request.

    How to add extra links to the login page

    To add extra links to the OpenIAM login page, follow these steps:

    1. Extend and specify extra links in /selfservice/CustomErrorPageDisplayHandler.groovy.
        package selfservice
        import org.openiam.ui.model.Hyperlink
        import org.openiam.ui.login.DefaultLoginPageDisplayHandler
    

        class CustomLoginPageDisplayHandler extends DefaultLoginPageDisplayHandler {
    

            public CustomLoginPageDisplayHandler() {
            }
    

            @Override
            public List<Hyperlink> getAdditionalHyperlinks() {
                return [
                    new Hyperlink(text: "Login using SSO", href: "your_custom_link"),
                    new Hyperlink(text: "Verify via ...", href: "your_custom_link")
                ] as List
            }
        }

    1. Set the path to the Groovy script in OpenIAM system configurations. To do this, go to web console > Administration > System Configurations > UI tab > Extra Links on Login Page Groovy Handler property.

      Groovy handler property

    Another possible option here may be displaying specific custom links for different content providers on the login page. An example Groovy script to do this is given below.

    package selfservice
    

    import org.openiam.ui.model.Hyperlink
    import org.openiam.ui.login.DefaultLoginPageDisplayHandler
    

    class CustomLoginPageDisplayHandler extends DefaultLoginPageDisplayHandler {
    

        public CustomLoginPageDisplayHandler() {}
        
        @Override
        public List<Hyperlink> getAdditionalHyperlinks() {
            def hyperlinks = [] as List
            def contentProviderId = request.getHeader("x-openiam-cp-id")
    

            switch (contentProviderId) {
                case "": // content provider ID 1 here
                    hyperlinks.add(new Hyperlink(text: "", href: ""))
                    break
                case "": // content provider ID 2 here
                    hyperlinks.addAll(Arrays.asList(
                            new Hyperlink(text: "", href: ""),
                            new Hyperlink(text: "", href: "") // in case you need more than one link
                    ))
                    break
                // add more 'cases' if needed
                // case "cp-id-here":
                //    hyperlinks.add(new Hyperlink(text: "text_here", href: "link_here"))
                //    break
            }
    

            return hyperlinks
        }
    }

    Note: You can get the content provider ID by going to webconsole > Access Control > Content Providers > find the content provider required > Click Edit Procider on the left menu. Now you can see the provider ID in the browser URL.

    How to add extra links to error page

    In order to add extra links to the OpenIAM error pages do the following.

    • Extend and specify extra links in /selfservice/CustomErrorPageDisplayHandler.groovy
    • Set path to the groovy script in OpenIAM system configurations. To do it go to webconsole > Administration > System Configurations > UI tab > Extra links on error pages groovy handler property.

    Groovy handler property

    The example groovy script of the system configuration property is given below.

    package selfservice
    import org.openiam.ui.model.Hyperlink
    import org.openiam.ui.web.mvc.error.handler.DefaultErrorPageDisplayHandler
    

    class CustomErrorPageDisplayHandler extends DefaultErrorPageDisplayHandler {
    

        public CustomErrorPageDisplayHandler() {
        }
    

        @Override
        public List<Hyperlink> getAdditionalHyperlinks() {
            return [
                new Hyperlink(text: "Request access", href: "your_custom_link"),
                new Hyperlink(text: "Go back to …", href: "your_custom_link")
            ] as List
        }
    }

    How to build custom link to create access request

    In order to build a custom link to create access request w/o navigating over the catalog you can use custom extra links.

    Usually they can be useful in case user is trying to access a page without having an appropriate access to it. In this case user can build and add extra link to request specific access based on the error and page/resource user is trying to access. To the 401 error page, for example.

    See How to add extra links to error page section above for configuration example.

    Here is an example groovy script that adds roles into access request based on authentication provider user is trying to access.

    package selfservice
    

    import org.apache.commons.collections.CollectionUtils
    import org.openiam.am.srvc.dto.AuthProvider
    import org.openiam.base.response.list.ResourceListResponse
    import org.openiam.idm.searchbeans.ResourceSearchBean
    import org.openiam.idm.srvc.entitlements.EntitlementsCollection
    import org.openiam.srvc.am.AuthProviderWebService
    import org.openiam.srvc.am.ResourceDataService
    import org.openiam.ui.model.Hyperlink
    import org.openiam.ui.web.mvc.error.handler.DefaultErrorPageDisplayHandler
    import java.util.stream.Collectors
    

    class CustomErrorPageDisplayHandler extends DefaultErrorPageDisplayHandler {
    

        final String REST_API_URL = "https://your_address/selfservice/?frameURL=/selfservice/createRequest?id="
    

        @Override
        public List<Hyperlink> getAdditionalHyperlinks() {
            final AuthProviderWebService authProviderWebService = context.getBean(AuthProviderWebService.class)
            final ResourceDataService resourceDataService = context.getBean(ResourceDataService.class)
    

            if (!authProviderId) {
                def split = request.getRequestURI().split("/")
                if (split)
                    authProviderId = split[split.length - 1]
            }
    

            final AuthProvider provider = authProviderWebService.getAuthProvider(authProviderId)
            if (provider) {
                final ResourceSearchBean rsb = new ResourceSearchBean()
                rsb.addKey(provider.getResource()?.getId())
                final ResourceListResponse resourceListResponse = resourceDataService.findBeans(rsb, EntitlementsCollection.ROLES as EntitlementsCollection[], 0, 1)
                if (resourceListResponse
                        && CollectionUtils.isNotEmpty(resourceListResponse.getList())
                        && resourceListResponse.getList().first().getRoles()) {
                    final String roleIdsStr = resourceListResponse.getList().first().getRoles().stream().
                            map({ it -> it.getEntityId() }).collect(Collectors.toSet()).join(",");
                    def extraLinks = new Hyperlink(href: REST_API_URL + userId + "%26roleIds=" + roleIdsStr + ",", text: 'or click here to create access request...')
                    return [extraLinks] as List
                }
            }
            return [] as List
        }
    }

    Notes:

    • User can use the following variables from DefaultErrorPageDisplayHandler class:
    Variable typeVariable Name
    StringuserId;
    StringauthProviderId;
    Errorserror;
    StringerrorCode;
    HttpServletRequestrequest;

    • You can use the following link to call create request API: https://your_address/selfservice/?frameURL=/selfservice/createRequest

    • In order to create access request to specific roles and/or groups user can use the following request parameters:

    ParemeterDescription
    idtarget user ID, string, required = true.
    roleIdsrole IDs, comma-separated string, required = false.
    groupIdsgroup IDs, comma-separated string, required = false.
    Previous
    Configure OTP Provider
    Next
    Managing languages