This section deals with adding extra links to the OpenIAM login and error pages as well as creating a custom link to create an access request.

How to add extra links to the login page

In order to add extra links to the OpenIAM login page, do the following:

• Extend and specify extra links in /selfservice/CustomErrorPageDisplayHandler.groovy
• Set path to the groovy script in OpenIAM system configurations. To do it go to webconsole -> Administration -> System Configurations -> UI tab -> Extra Links on Login page groovy handler property.

Here is the system configuration property example: Groovy script

package selfservice
import org.openiam.ui.model.Hyperlink
import org.openiam.ui.login.DefaultLoginPageDisplayHandler

class CustomLoginPageDisplayHandler extends DefaultLoginPageDisplayHandler {

    public CustomLoginPageDisplayHandler() {
    }

    @Override
    public List<Hyperlink> getAdditionalHyperlinks() {
        return [
            new Hyperlink(text: "Login using SSO", href: "your_custom_link"),
            new Hyperlink(text: "Verify via ...", href: "your_custom_link")
        ] as List
    }
}

How to add extra links to error page.

In order to add extra links to the OpenIAM error pages do the following:

• Extend and specify extra links in /selfservice/CustomErrorPageDisplayHandler.groovy
• Set path to the groovy script in OpenIAM system configurations. To do it go to webconsole -> Administration -> System Configurations -> UI tab -> Extra links on error pages groovy handler property.

Here is the system configuration property example: Groovy script

package selfservice
import org.openiam.ui.model.Hyperlink
import org.openiam.ui.web.mvc.error.handler.DefaultErrorPageDisplayHandler

class CustomErrorPageDisplayHandler extends DefaultErrorPageDisplayHandler {

    public CustomErrorPageDisplayHandler() {
    }

    @Override
    public List<Hyperlink> getAdditionalHyperlinks() {
        return [
            new Hyperlink(text: "Request access", href: "your_custom_link"),
            new Hyperlink(text: "Go back to …", href: "your_custom_link")
        ] as List
    }
}

How to build custom link to create access request

In order to build a custom link to create access request w/o navigating over the catalog you can use custom extra links.

Usually they can be useful in case user is trying to access a page without having an appropriate access to it. In this case user can build and add extra link to request specific access based on the error and page/resource user is trying to access. To the 401 error page, for example.

See How to add extra links to error page section above for configuration example.

Here is an example of adding roles into access request based on authentication provider user is trying to access.

Groovy script example:

package selfservice

import org.apache.commons.collections.CollectionUtils
import org.openiam.am.srvc.dto.AuthProvider
import org.openiam.base.response.list.ResourceListResponse
import org.openiam.idm.searchbeans.ResourceSearchBean
import org.openiam.idm.srvc.entitlements.EntitlementsCollection
import org.openiam.srvc.am.AuthProviderWebService
import org.openiam.srvc.am.ResourceDataService
import org.openiam.ui.model.Hyperlink
import org.openiam.ui.web.mvc.error.handler.DefaultErrorPageDisplayHandler
import java.util.stream.Collectors

class CustomErrorPageDisplayHandler extends DefaultErrorPageDisplayHandler {

    final String REST_API_URL = "https://your_address/selfservice/?frameURL=/selfservice/createRequest?id="

    @Override
    public List<Hyperlink> getAdditionalHyperlinks() {
        final AuthProviderWebService authProviderWebService = context.getBean(AuthProviderWebService.class)
        final ResourceDataService resourceDataService = context.getBean(ResourceDataService.class)

        if (!authProviderId) {
            def split = request.getRequestURI().split("/")
            if (split)
                authProviderId = split[split.length - 1]
        }

        final AuthProvider provider = authProviderWebService.getAuthProvider(authProviderId)
        if (provider) {
            final ResourceSearchBean rsb = new ResourceSearchBean()
            rsb.addKey(provider.getResource()?.getId())
            final ResourceListResponse resourceListResponse = resourceDataService.findBeans(rsb, EntitlementsCollection.ROLES as EntitlementsCollection[], 0, 1)
            if (resourceListResponse
                    && CollectionUtils.isNotEmpty(resourceListResponse.getList())
                    && resourceListResponse.getList().first().getRoles()) {
                final String roleIdsStr = resourceListResponse.getList().first().getRoles().stream().
                        map({ it -> it.getEntityId() }).collect(Collectors.toSet()).join(",");
                def extraLinks = new Hyperlink(href: REST_API_URL + userId + "%26roleIds=" + roleIdsStr + ",", text: 'or click here to create access request...')
                return [extraLinks] as List
            }
        }
        return [] as List
    }
}

Notes:

• User can use the following variables from DefaultErrorPageDisplayHandler class:

• You can use the following link to call create request API: https://your_address/selfservice/?frameURL=/selfservice/createRequest

• In order to create access request to specific roles and/or groups user can use the following request parameters: