3.1 Notes#
With the release of 3.1. Novell has added some items to make it easier for configuring NAM; Well it is different anyhow.Customizing the Login and Logout Pages#
You can create custom login pages that refer to the Identity Server. You might want to re-brand the User Portal, authenticate users with non-default attributes (cn). You also might be fronting several protected resources with an Access Gateway, and you need to create a unique login for each page.
The login page by default is loaded as an iframe within a larger page that contains main.jsp and content.jsp. Novell's idea was to allow the main.jsp to provide branding across many pages and login contracts without people having to customize several different jsp pages. If you do not perform any federation or do not use other login methods, you can create a custom jsp page that is not within the iframe.
You can use the main.jsp file to customize the header with the Novell Access Manager product name and the Novell logo. The login.jsp file controls the credential frame with username and password. The contents.jsp file controls what is displayed on the page, including the available authentication cards.
You must be familiar with customizing JSP files when customizing the login pages. The JSP files are located on the Identity Server in the following directory:
- Linux: /var/opt/novell/tomcat5/webapps/nidp/jsp
- Windows: C:\Program Files\Novell\Tomcat\webapps\nidp\jsp
IMPORTANT:After you have customized these pages, you need to ensure you back them up before doing an upgrade. The upgrade process overrides any custom changes made to JSP files.
R-ebranding the Header#
You can customize the following items in the header of the main.jsp file:- Titles: the window title and the display title. See Customizing the Titles.
- Images: the header image and the Novell logo. See Customizing the Images.
- Background colors. Customizing the Colors.
Customizing the Titles#
The window title appears in the browser title bar. To replace this text, open the main.jsp file and locate the following text that appears between the <head></head> tags:<title><%=handler.getResource(JSPResDesc.TITLE)%></title>Replace the content between the <title> and </title> tags with the title you want to appear. For example:
<title>My Company</title>The display title is the title that appears in the top frame of the page. Locate the following text that appears in the <body> of the page:
<div id="title"><%=handler.getResource(JSPResDesc.PRODUCT)%></div>Replace the content between the <div id="title"> and </div> with the title you want to appear. For example:
<div id="title">My Company</div>
Customizing the Images#
To replace the header image, open the main.jsp file and locate the following text located in the body of the file.
<div><img src="<%=handler.getImage("AccessMan_Login_Head.png",false)%>"></div>
Replace the value of the src attribute with the path and filename of the image you want to use.
To replace the Novell logo image, locate the following text in the body of the file.
<div id="logo"><img src="<%=handler.getImage("AccessMan31_Nlogo.png",false)%>"></div>
Replace the value of the src attribute with the path, starting from the webapps directory, and filename of the image you want to use. For example, if you created a /custom/images directory in the webapps directory, the src attribute would have a value similar to the following:
scr="/custom/images/companylogo.gif"
Customizing the Colors#
To change the background colors on the page, modify the color values in the <style> section of the <head>.Customizing the Identity Server Logout Page#
The logout page uses the main.jsp file for its header information. If you have modified this file for a customized login, the same branding appears in the logout page.To customize logout, you need to modify the logoutSuccess.jsp on the Access Gateway. When you call the logout URL, <ESP DOMAIN>/AGLogout,
- it in turn calls logoutSuccess.jsp on the Access Gateway.
- AGLogout redirects to <ESP DOMAIN>/nesp/app/plogout
- you can directly call <ESP DOMAIN>/nesp/app/plogout?parameter=value. Where the parameter can be read inside logoutSuccess.jsp, and if/else logic can be built to load different pages based on the parameter value.
Some things to change the "normal" behavior.#
Something like if you put a link in the login.jsp you can addtarget="_top"to the href and clicking on it opens the target page in a full window rather than just in the frame.
We also were struggling getting the target to work properly with multiple custom contracts. We found that if you add this tag to your form along with target it will work properly
<input type="hidden" name="id" value="IDOFCARD">
The value IDOFCARD is what you specify in your admin console at
IDP >Cluster > Local > Contract > Authentication > ID
It seems that the id of the contract needs to be passed in order to prevent your being send to your target and then back to your idp. The ID also is compliant with the recent html standards.
During an patch or upgrade, the JSP pages and their resources are over written. We would recommend that you take appropriate precautions to prevent the loss of your customized JSP pages and resources. To make this easier, you might want to implement your login page as a separate method or at least name all you pages and resources uniquely to identify your files form those provided by Novell.
Warnings#
Things change. We did this with (3.01 SP4)Identity Servers#
Which Page #
The Access Manager IDP uses a JSP file as the default login page. You must be familiar with customizing .jsp files when creating custom login pages. The login page is located on the Identity Server in the following directory:/var/opt/novell/tomcat4/webapps/nidp/jsp/login.jsp
The Logout page:
/var/opt/novell/tomcat4/webapps/nidp/jsp/logoutSuccess.jsp
The easiest way to create a new login page is to copy the default JSP page, rename it, and then modify it to match your requirements. Login requirements:
- Post Action: https://idpclstr.yourdomain.com:8443/nidp/app/login
- User name input type = "text": name="Ecom_User_ID"
- User password input type = "password: name="Ecom_Password"
- Optional input type = "hidden": name="target" with a value of a destination URL.
The default authentication contract is used if the post comes from an external page. Logout links:
- Identity Server: https://idpclstr.yourdomain.com:8443/nidp/app/logout
Note: if you are NOT authenticated, you are re-directed to the login page. - Access Gateway: https://www-wamtest.yourdomain.com/nesp/app/plogout
The location of the logout page for the Access Gateway:
- For the Linux Access Gateway: /var/opt/novell/tomcat4/webapps/nesp/jsp/
File Ownership (For both Identity and LAGs)#
Be sure the JSPs are owned by "novlwww" group and user.Files images and JSPs, should look like:
ls -la ... -rw-r--r-- 1 novlwww novlwww 991 Aug 21 08:21 af_login.gif ...
To Change ownership; from the appropriate directory issue:
chown novlwww:novlwww *.*
JSP files and location#
The following files are needed for the modified files to work:- login.jsp
- logout.jsp
- logoutSuccess.jsp
Files are placed on ALL Identity servers in:
/opt/novell/nids/lib/webapp/jsp
Resources, Images and location#
The file structures contains a folder "images" where images and other resources can be kept./opt/novell/nids/lib/webapp/images
Delete Compiled JSPs#
For changes to take effect, You may have to delete the files in:/var/opt/novell/tomcat4/work/Standalone/localhost/nidp/jsp
Access Gateways#
JSP files and location#
The following files are needed for the modified files to work:- login.jsp
- logout.jsp
- logoutSuccess.jsp
JSP Files are placed on ALL LAGs in:
/opt/novell/nesp/lib/webapp/jsp
Resources, Images and location#
The file structures contains a folder "images" where images and other resources can be kept./opt/novell/nesp/lib/webapp/images
Delete Compiled JSPs#
For changes to take effect, You will have to delete the files in:/var/opt/novell/tomcat4/work/Standalone/localhost/nesp/jsp