External links on login page
This section deals with adding extra links to the OpenIAM login and error pages as well as creating a custom link to create an access request.
How to add extra links to the login page
To add extra links to the OpenIAM login page, follow these steps:
- Extend and specify extra links in /selfservice/CustomErrorPageDisplayHandler.groovy.
```groovy
package selfservice

import org.openiam.ui.model.Hyperlink
import org.openiam.ui.login.DefaultLoginPageDisplayHandler

class CustomLoginPageDisplayHandler extends DefaultLoginPageDisplayHandler {

    public CustomLoginPageDisplayHandler() {}

    @Override
    public List<Hyperlink> getAdditionalHyperlinks() {
        return [
                new Hyperlink(text: "Login using SSO", href: "your_custom_link"),
                new Hyperlink(text: "Verify via ...", href: "your_custom_link")
        ] as List
    }
}
```
- Set the path to the Groovy script in OpenIAM system configurations. To do this, go to web console > Administration > System Configurations > UI tab > Extra Links on Login Page Groovy Handler property.
Another option is to display different custom links on the login page for different content providers. An example Groovy script for this is given below.
```groovy
package selfservice

import org.openiam.ui.model.Hyperlink
import org.openiam.ui.login.DefaultLoginPageDisplayHandler

class CustomLoginPageDisplayHandler extends DefaultLoginPageDisplayHandler {

    public CustomLoginPageDisplayHandler() {}

    @Override
    public List<Hyperlink> getAdditionalHyperlinks() {
        def hyperlinks = [] as List
        def contentProviderId = request.getHeader("x-openiam-cp-id")
        switch (contentProviderId) {
            case "": // content provider ID 1 here
                hyperlinks.add(new Hyperlink(text: "", href: ""))
                break
            case "": // content provider ID 2 here
                hyperlinks.addAll(Arrays.asList(
                        new Hyperlink(text: "", href: ""),
                        new Hyperlink(text: "", href: "") // in case you need more than one link
                ))
                break
            // add more 'cases' if needed
            // case "cp-id-here":
            //     hyperlinks.add(new Hyperlink(text: "text_here", href: "link_here"))
            //     break
        }
        return hyperlinks
    }
}
```
Note: To get the content provider ID, go to webconsole > Access Control > Content Providers, find the required content provider, and click Edit Provider in the left menu. The provider ID then appears in the browser URL.
How to add extra links to error page
To add extra links to the OpenIAM error pages, follow these steps:
- Extend and specify extra links in /selfservice/CustomErrorPageDisplayHandler.groovy.
- Set the path to the Groovy script in OpenIAM system configurations. To do this, go to webconsole > Administration > System Configurations > UI tab > Extra links on error pages groovy handler property.
An example Groovy script for this system configuration property is given below.
```groovy
package selfservice

import org.openiam.ui.model.Hyperlink
import org.openiam.ui.web.mvc.error.handler.DefaultErrorPageDisplayHandler

class CustomErrorPageDisplayHandler extends DefaultErrorPageDisplayHandler {

    public CustomErrorPageDisplayHandler() {}

    @Override
    public List<Hyperlink> getAdditionalHyperlinks() {
        return [
                new Hyperlink(text: "Request access", href: "your_custom_link"),
                new Hyperlink(text: "Go back to …", href: "your_custom_link")
        ] as List
    }
}
```
How to build custom link to create access request
To build a custom link that creates an access request without navigating through the catalog, you can use custom extra links.
These links are typically useful when a user tries to open a page without having the appropriate access to it. In that case you can build and add an extra link, for example to the 401 error page, that requests specific access based on the error and the page or resource the user is trying to reach.
See the "How to add extra links to error page" section above for a configuration example.
Here is an example Groovy script that adds roles to the access request based on the authentication provider the user is trying to access.
```groovy
package selfservice

import org.apache.commons.collections.CollectionUtils
import org.openiam.am.srvc.dto.AuthProvider
import org.openiam.base.response.list.ResourceListResponse
import org.openiam.idm.searchbeans.ResourceSearchBean
import org.openiam.idm.srvc.entitlements.EntitlementsCollection
import org.openiam.srvc.am.AuthProviderWebService
import org.openiam.srvc.am.ResourceDataService
import org.openiam.ui.model.Hyperlink
import org.openiam.ui.web.mvc.error.handler.DefaultErrorPageDisplayHandler

import java.util.stream.Collectors

class CustomErrorPageDisplayHandler extends DefaultErrorPageDisplayHandler {

    // Create-request link prefix; the target user ID is appended directly after "id="
    final String REST_API_URL = "https://your_address/selfservice/?frameURL=/selfservice/createRequest?id="

    @Override
    public List<Hyperlink> getAdditionalHyperlinks() {
        final AuthProviderWebService authProviderWebService = context.getBean(AuthProviderWebService.class)
        final ResourceDataService resourceDataService = context.getBean(ResourceDataService.class)

        // Fall back to the last path segment of the request URI when no provider ID is set
        if (!authProviderId) {
            def split = request.getRequestURI().split("/")
            if (split)
                authProviderId = split[split.length - 1]
        }

        // Only build a link when the ID resolves to a known authentication provider
        final AuthProvider provider = authProviderWebService.getAuthProvider(authProviderId)
        if (provider) {
            // Look up the provider's resource together with the roles entitled to it
            final ResourceSearchBean rsb = new ResourceSearchBean()
            rsb.addKey(provider.getResource()?.getId())
            final ResourceListResponse resourceListResponse = resourceDataService.findBeans(rsb, EntitlementsCollection.ROLES as EntitlementsCollection[], 0, 1)
            if (resourceListResponse
                    && CollectionUtils.isNotEmpty(resourceListResponse.getList())
                    && resourceListResponse.getList().first().getRoles()) {
                // Comma-separated list of the role IDs to request
                final String roleIdsStr = resourceListResponse.getList().first().getRoles().stream()
                        .map({ it -> it.getEntityId() })
                        .collect(Collectors.toSet())
                        .join(",");
                // "%26" is an encoded '&', so roleIds stays part of the frameURL value
                def extraLinks = new Hyperlink(href: REST_API_URL + userId + "%26roleIds=" + roleIdsStr + ",", text: 'or click here to create access request...')
                return [extraLinks] as List
            }
        }
        return [] as List
    }
}
```
Notes:
- You can use the following variables from the DefaultErrorPageDisplayHandler class:
Variable type | Variable name |
---|---|
String | userId |
String | authProviderId |
Errors | error |
String | errorCode |
HttpServletRequest | request |
You can use the following link to call create request API: https://your_address/selfservice/?frameURL=/selfservice/createRequest
To create an access request for specific roles and/or groups, use the following request parameters:
Parameter | Description |
---|---|
id | target user ID, string, required = true. |
roleIds | role IDs, comma-separated string, required = false. |
groupIds | group IDs, comma-separated string, required = false. |
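
As an added example (not part of the OpenIAM documentation or code base), the helper below assembles the create-request link from the parameters in the table above and drops any ID that could smuggle extra parameters into the link. The class and method names and the allowed ID character set are assumptions.

```groovy
// Added example, not OpenIAM code: builds the create-request link in the
// format this page describes. Class and method names are hypothetical.
class CreateRequestLink {

    // Assumption: IDs contain only letters, digits, '-' and '_'.
    // Tighten this to the ID format used in your deployment.
    static boolean isValidId(String id) {
        return id != null && id ==~ /[A-Za-z0-9_-]{1,64}/
    }

    // Keeps well-formed IDs only, de-duplicated, in their original order.
    static List<String> cleanIds(Collection<String> ids) {
        return (ids ?: []).findAll { isValidId(it) }.unique(false).toList()
    }

    // baseUrl is the selfservice address, e.g. "https://your_address/selfservice/".
    // Returns null when the required target user ID is missing or malformed.
    static String build(String baseUrl, String userId,
                        Collection<String> roleIds = [],
                        Collection<String> groupIds = []) {
        if (!isValidId(userId)) {
            return null
        }
        def params = ["id=" + userId]
        def roles = cleanIds(roleIds)
        def groups = cleanIds(groupIds)
        if (roles) {
            params.add("roleIds=" + roles.join(","))
        }
        if (groups) {
            params.add("groupIds=" + groups.join(","))
        }
        // The parameters belong to the inner createRequest URL carried in
        // frameURL, so they are joined with an encoded '&' (%26).
        return baseUrl + "?frameURL=/selfservice/createRequest?" + params.join("%26")
    }
}

// Constructed sample values, for illustration only
def base = "https://your_address/selfservice/"
def link = CreateRequestLink.build(base, "user123", ["roleA", "roleB", "roleA"], ["bad&id=1"])
assert link == base + "?frameURL=/selfservice/createRequest?id=user123%26roleIds=roleA,roleB"
assert CreateRequestLink.build(base, "x%26roleIds=admin") == null
```

Validating the IDs before concatenation matters most for values taken from the request, such as an ID read from the request URI.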