You can modify the main.jsp file and use the contract URI to specify the login page to display. The Identity Server must be running 3.1 SP1 or later to use this feature. Be aware of the following:
The main.jsp file cannot be renamed, so any modifications you make to this file can be lost whenever you upgrade the Identity Server. During the upgrade, you must select to restore custom files or you must restore your modified file after the upgrade. If this is the only JSP file that you modified that uses an Identity Server name, it is probably best to manually restore this file after an upgrade.
Modifying the main.jsp file requires knowledge of JSP programming and if/else statements.
Modifying the main.jsp file allows you to have the following type of configuration:
You can create multiple customized nidp.jsp pages. For example: custom1.jsp, custom2.jsp, and custom3.jsp.
You can create multiple customized login.jsp pages that request different login credentials.
For example:
login1.jsp: Configured to request username and password.
login2.jsp: Configured to request username, email, and password.
login3.jsp: Configured to request email and password.
With this type of configuration, you must create three different authentication contracts, each with an authentication method that has a JSP property defined. These contracts require the types of values listed in the table below. The URI is defined so that it reflects the custom login.jsp and the custom nidp.jsp that are used by the contract.
Contract: Configuration Details
Contract1: URI login1/custom1
Method1: Configured with the following JSP property:
Property Name: JSP
Property Value: login1
This method does not need a query property unless you are using an attribute other than the cn attribute for the username.
Contract2: URI login2/custom2
The following procedure explains how to configure Access Manager to display these custom login pages with custom credentials.
1 Create a unique method for each custom login.jsp file:
1a In the Administration Console, click Devices > Identity Servers > Edit > Local > Methods.
1b Click New, then configure the following fields:
Display name: Specify a name for the method. You might want to use a name that indicates which login page is assigned to this method.
Class: Select a name/password class.
Configure the other fields to match your requirements.
1c In the Properties section, add a Query property if the page uses custom credentials.
For example, to add an email address to the login prompts, add the following property:
Property Name: Query
Property Value: (&(objectclass=person)(mail=%Ecom_User_ID%))
If you are creating a method for Contract 1 in the example above (which prompts for a username and password), you do not need to add a query property unless you are using an attribute other than the cn attribute for the username.
1d In the Properties section, add a JSP property to specify which login.jsp file to use with this method.
For example:
Property Name: JSP
Property Value: login2
1e Click Finish.
1f If you have created more than one custom login.jsp file, repeat Step 1b through Step 1e for each page.
To configure the scenario described in this section, repeat these steps for three login pages.
Method2: Configured with the following two properties:
Property Name: JSP
Property Value: login2
Property Name: Query
Property Value: (&(objectclass=person)(mail=%Ecom_User_ID%))
Contract3: URI login3/custom3
Method3: Configured with the following two properties:
Property Name: JSP
Property Value: login3
Property Name: Query
Property Value: (&(objectclass=person)(mail=%Ecom_User_ID%))
2 Create a unique contract URI:
2a In the Administration Console, click Contracts.
2b Click New, then configure the following fields:
Display name: Specify a name for the contract. You might want to use a name that indicates which login page is assigned to this contract.
URI: Specify a value that uniquely identifies the contract from all other contracts. No spaces can exist in the URI field. You might want to use a name that indicates the custom login page and custom credential page, such as login1/custom1.
Methods and Available Methods: Select the authentication method you configured in Step 1.
2c Configure the other fields to meet your network requirements, then click Next.
2d Configure the authentication card, then click Finish.
2e (Conditional) If you have created multiple custom login pages, repeat Step 2b through Step 2d for each page.
To configure the scenario described in this section, repeat these steps for /login2/custom2 and /login3/custom3.
2f Click OK, then update the Identity Server.
3 Modify the main.jsp file:
3a Open the main.jsp file. The file is located in the following directory:
Linux: /opt/novell/nids/lib/webapp/jsp
Windows Server 2008: \Program Files (x86)\Novell\Tomcat\webapps\nidp\jsp
3b Near the top of the file, add the following line:
String strContractURI = hand.getContractURI();
This sets the strContractURI variable to the value of the contract URI that is being used for authentication. These lines should look similar to the following:
<%
ContentHandler hand = new ContentHandler(request,response);
String strContractURI = hand.getContractURI();
// Is there a JSP defined on a class definition or a method
// definition that should be displayed as the main jsp here?
if (hand.contractDefinesMainJSP()) {
%>
3c After the if statement, add an else if statement for each contract URI you have created.
For example:
<% }
else if(strContractURI != null && strContractURI.equals("login1/custom1")) {
%>
<%@ include file="custom1.jsp" %>
<% }
These else if statements set up three contracts for customized login pages:
The first else if statement specifies the URI of the login1 contract and configures it to display the custom1.jsp page for authentication.
The second else if statement specifies the URI of the login2 contract and configures it to display the custom2.jsp page for authentication.
The third else if statement specifies the URI of the login3 contract and configures it to display the custom3.jsp page for authentication.
Your file should look similar to the following:
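<%@ page language="java" %>
<%
ContentHandler hand = new ContentHandler(request,response);
String strContractURI = hand.getContractURI();
// Is there a JSP defined on a class definition or a method
// definition that should be displayed as the main jsp here?
if (hand.contractDefinesMainJSP()) {
%>
<% }
else if(strContractURI != null && strContractURI.equals("login1/custom1")) {
%>
<%@ include file="custom1.jsp" %>
<% }
else if(strContractURI != null && strContractURI.equals("login2/custom2")) {
%>
<%@ include file="custom2.jsp" %>
<% }
else if(strContractURI != null && strContractURI.equals("login3/custom3")) {
%>
<%@ include file="custom3.jsp" %>
<% }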
3d Copy the modified main.jsp file to each Identity Server in your cluster.
4 Back up your customized files.
5 For each resource that you have created a custom login page for, assign that resource to use the contract that is configured to display the appropriate login page:
5a Click Devices > Access Gateways > Edit > [Reverse Proxy Name] > [Proxy Service Name] > Protected Resources.
5b For each protected resource that you have created a custom contract for, select the protected resource, then configure it to use the custom contract.
5c Update the Access Gateway.
6 (Conditional) If the custom page does not display correctly, see Section 2.1.3, “Troubleshooting Tips for Custom Login Pages,” on page 79.
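The following Python check is an added example, not part of the original documentation or the product. Run against a copy of main.jsp before it is copied to the cluster in Step 3d, it confirms that every contract URI has an else if branch that includes the intended page. The EXPECTED mapping, the audit_main_jsp function name, and the sample text are assumptions constructed for the three-contract scenario in this section.

```python
import re

# Contract URI -> page main.jsp should include (the three-contract scenario).
EXPECTED = {
    "login1/custom1": "custom1.jsp",
    "login2/custom2": "custom2.jsp",
    "login3/custom3": "custom3.jsp",
}

# One branch: strContractURI.equals("<uri>")) { %> <%@ include file="<page>" %>
BRANCH = re.compile(
    r'strContractURI\.equals\(\s*"([^"]*)"\s*\)\s*\)\s*\{\s*%>\s*'
    r'<%@\s*include\s+file\s*=\s*"([^"]+)"\s*%>'
)

def audit_main_jsp(text, expected=EXPECTED):
    """Return findings for a main.jsp body; an empty list means all contracts are routed."""
    findings, routed = [], {}
    for uri, page in BRANCH.findall(text):
        if re.search(r"\s", uri):
            # A wrapped or padded literal never equals the URI the contract reports.
            findings.append(f"URI literal contains whitespace: {uri!r}")
        elif uri not in expected:
            findings.append(f"branch for unexpected contract URI {uri}")
        else:
            routed[uri] = page
    for uri, page in expected.items():
        if uri not in routed:
            findings.append(f"no branch for contract URI {uri}")
        elif routed[uri] != page:
            findings.append(f"{uri} includes {routed[uri]}, expected {page}")
    return findings

# Constructed sample modelled on the fragments in this section: the login1
# literal is wrapped across two lines and the login3 branch is missing.
SAMPLE = '''<%
if (hand.contractDefinesMainJSP()) {
%>
<% }
else if(strContractURI != null && strContractURI.equals("login1/
custom1")) {
%>
<%@ include file="custom1.jsp" %>
<% }
else if(strContractURI != null && strContractURI.equals("login2/custom2")) {
%>
<%@ include file="custom2.jsp" %>
<% } %>
'''
```

Running the same check on the copy taken from each Identity Server after an upgrade shows whether the customized branches were overwritten.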