8.7 Creating Custom Login Pages

You can create custom login pages that refer to the Identity Server. You might want to rebrand the User Portal, authenticate users with non-default attributes (cn), or authenticate users based on multiple LDAP attributes. You also might be fronting several protected resources with an Access Gateway, and you need to create a unique login for each page.

8.7.1 Modifying the Login Page

The following page is the default login page provided by the Access Manager. This page has been designed for the form-based authentication class.

Default login page

Access Manager uses a JSP file as the default login page. You must be familiar with customizing .jsp files when creating custom login pages. The login.jsp file, which creates the default login page, is located on the Identity Server in the following directory:

/var/opt/novell/tomcat4/webapps/nidp/jsp

You use the property name and values in the authentication classes and methods to customize the login. (See Section 8.2, Creating Authentication Classes.)

The Radius and Protected classes also support a JSP property. You can use other classes, but if you want to create a custom login page, you must select a class that supports the JSP property. You can add this property to either the class or to the method derived from the class.

Property Names and Values

The default Property Name is Ecom_User_ID with a value of cn. You could, for example, change this to Ecom_User_ID and mail if you want to authenticate by using the user’s e-mail address. If you want to authenticate with the current username and password credentials, as well as the user’s e-mail address, you could modify the login page with an additional field in the form. For example:

<input type="text" class="smalltext" name="Ecom_User_eMail" size="30">

You could then add an Ecom_User_eMail property name with “mail” as the property value. This is an example of an AND-based authentication request where you add the username AND user e-mail AND user password. You can OR fields if you add a Query property with a value similar to the following:

(&(objectclass=person)(|(cn=%Ecom_User_ID%)(mail=%Ecom_User_eMail%)))

This entry allows you to add a field to the login page and lets the user log in with a username or an e-mail address.
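An added example, not Access Manager code: it models how %Field% placeholders in a Query property could be filled from the posted form with RFC 4515 escaping, and compares an AND filter with an OR filter against constructed entries. The expansion and matching logic, the directory entries, and both filter templates are assumptions made for illustration; the page does not describe how Access Manager performs the substitution.

```python
import re

# RFC 4515 escapes for characters that are special inside a filter value.
ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}
PLACEHOLDER = re.compile(r"%(\w+)%")

def expand_query(template, form):
    """Fill %Field% placeholders with escaped form values (missing -> empty)."""
    def fill(m):
        return "".join(ESCAPES.get(c, c) for c in form.get(m.group(1), ""))
    return PLACEHOLDER.sub(fill, template)

def parse(f, i=0):
    """Parse '(&...)', '(|...)' or '(attr=value)' into a tuple tree."""
    if f[i + 1] in "&|":
        op, kids, i = f[i + 1], [], i + 2
        while f[i] == "(":
            kid, i = parse(f, i)
            kids.append(kid)
        return (op, kids), i + 1          # skip the closing ')'
    end = f.index(")", i)                  # safe: ')' in values is escaped
    attr, _, raw = f[i + 1:end].partition("=")
    value = re.sub(r"\\([0-9a-f]{2})", lambda m: chr(int(m.group(1), 16)), raw)
    return ("=", attr.lower(), value.lower()), end + 1

def matches(node, entry):
    if node[0] == "=":
        return node[2] in (v.lower() for v in entry.get(node[1], []))
    combine = all if node[0] == "&" else any
    return combine(matches(kid, entry) for kid in node[1])

# Constructed directory entries and filter templates (not from a real tree).
DIRECTORY = [
    {"objectclass": ["person"], "cn": ["jsmith"], "mail": ["jsmith@example.com"]},
    {"objectclass": ["person"], "cn": ["adoe"], "mail": ["adoe@example.com"]},
]
AND_QUERY = "(&(objectclass=person)(cn=%Ecom_User_ID%)(mail=%Ecom_User_eMail%))"
OR_QUERY = "(&(objectclass=person)(|(cn=%Ecom_User_ID%)(mail=%Ecom_User_eMail%)))"

def find_users(template, form):
    """Return the cn of every constructed entry the expanded filter selects."""
    tree, _ = parse(expand_query(template, form))
    return [e["cn"][0] for e in DIRECTORY if matches(tree, e)]
```

In this model an OR filter can select more than one entry when the two fields name different users, so the result count is worth checking before a password is verified against an entry.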

8.7.2 Creating Your Own Login or Error Page

The easiest way to create a new login page is to copy the default JSP page, rename it, and then modify it to match your requirements.

Login requirements:

  • Post Action: https://IdentityServerDNS:8443/nidp/app/login

  • User name input type = “text”: name=“Ecom_User_ID”

  • User password input type = “password”: name=“Ecom_Password”

  • Optional input type = “hidden”: name=“target” with a value of a destination URL.

The default authentication contract is used if the post comes from an external page.

Logout links:

  • Identity Server: https://IdentityServerDNS:8443/nidp/app/logout

  • Access Gateway: https://AGAuthDomain/nesp/app/plogout

The location of the logout page for the Access Gateway:

  • For the NetWare Access Gateway: sys:tomcat\4\webapps\nesp\jsp\

  • For the Linux Access Gateway: /var/opt/novell/tomcat4/webapps/nesp/jsp/

To create a custom error page for the Identity Server, you must modify the err.jsp located in the following directory:

/var/opt/novell/tomcat4/webapps/nidp/jsp

To create custom error pages for the Access Gateway, see Section 15.6, Customizing Error Pages.

See Also

Customizing Error Messages in Access Manager Login Pages