Sun OpenSSO Enterprise 8.0 Integration Guide

Modifying the Account Lockout Message Page

Modify the user_inactive.jsp file. This file notifies the user that the account is locked. Modify the page to include a redirect to an Identity Manager page the user can use to unlock the account. The user_inactive.jsp file forwards the following information to Identity Manager:

The Identity Manager URL used in the following sample refers to anonResetPassword.jsp. You might, however, direct the user to questionLogin.jsp, the forgotten password page. If a user has accidentally locked an account, it may be because of a forgotten password.

You can manually change the deployed user_inactive.jsp file, or you can use the sample user_inactive.jsp included with the opensso.zip download. Choose only one of the following procedures:

Procedure: To Manually Modify the Account Lockout Message Page

  1. Use a text editor to open the file web-container-deploy-base/opensso/config/auth/default/user_inactive.jsp.

  2. Add the sections of code highlighted in bold in the following example:


    ...
    <head>
    <title><jato:text name="htmlTitle_UserInactive" /></title>
    <%
    String ServiceURI = (String) viewBean.getDisplayFieldValue(viewBean.SERVICE_URI);
    // Debug output written to the web container's standard output
    System.out.println("AccountId: " + request.getParameter("IDToken1"));
    System.out.println("goto: " + request.getParameter("goto"));
    System.out.println("plaingoto: " + request.getParameter("plaingoto"));
    String accountId = request.getParameter("IDToken1");
    String gotoURL = request.getParameter("plaingoto");
    // Identity Manager page that unlocks the account
    String redirectURL =
        "http://HostName.domainName.com:6480/idm/authutil/anonResetPassword.jsp";
    // Both values come from the request, so URL-encode them before they are
    // appended to the query string and written into the href attribute below
    if (accountId != null) {
        redirectURL = redirectURL + "?accountId="
            + java.net.URLEncoder.encode(accountId, "UTF-8");
    }

    if (gotoURL != null && !gotoURL.equals("null") && (gotoURL.length() > 0)) {
        if (accountId == null) {
            redirectURL = redirectURL + "?goto="
                + java.net.URLEncoder.encode(gotoURL, "UTF-8");
        } else {
            redirectURL = redirectURL + "&goto="
                + java.net.URLEncoder.encode(gotoURL, "UTF-8");
        }
    }
    %>
    
    
    ...
    <div class="AlrtMsgTxt">
    <auth:resBundle bundleName="amAuthUI" resourceKey="contactadmin" />
    
    <!-- hyperlink -->
    
    <jato:content name="ContentHref">
    <p><a href="<%= redirectURL %>">Unlock Yourself</a></p>
    </jato:content>
    </div>
    </td></tr></table></div></td>
    </tr>
    <tr>
    <td>&nbsp;</td>
    </tr>
    <tr>
    <td><img src="<%= ServiceURI %>/images/dot.gif"
    width="1" height="33" alt="" /></td>
    <td>&nbsp;</td>
    </tr>
    ...

  3. Embedded in the JSP is the URL of the Identity Manager page that allows the account unlock. Change this URL to match your deployment.

  4. Remove the web container's temporary, compiled JSP files to ensure that the changes are picked up.

    For example, if using GlassFish, the temporary, compiled classes can be found under glassfish-home/domains/your-domain/generated/.

  5. Restart the OpenSSO Enterprise web container after making the changes.
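
The query-string construction from step 2, pulled out into a stand-alone class so it can be exercised outside the web container. This is an added example, not code from the guide or the OpenSSO distribution; the class name UnlockLinkBuilder, the ALLOWED_GOTO_HOSTS allowlist and the host apps.example.com are assumptions, and the allowlist check on goto goes beyond what the sample JSP does.

```java
import java.io.UnsupportedEncodingException;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.URLEncoder;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;

// Hypothetical helper (not part of OpenSSO): builds the unlock link that
// user_inactive.jsp writes into the href attribute.
public class UnlockLinkBuilder {
    // Placeholder Identity Manager URL, as in the sample JSP.
    static final String IDM_URL =
        "http://HostName.domainName.com:6480/idm/authutil/anonResetPassword.jsp";
    // Assumption: hosts this deployment accepts as goto targets.
    static final Set<String> ALLOWED_GOTO_HOSTS =
        new HashSet<String>(Arrays.asList("apps.example.com"));

    // True only for absolute http(s) URLs whose host is on the allowlist.
    static boolean isAllowedGoto(String gotoURL) {
        if (gotoURL == null || gotoURL.length() == 0 || gotoURL.equals("null")) return false;
        try {
            URI u = new URI(gotoURL);
            String scheme = u.getScheme();
            String host = u.getHost();
            return scheme != null && host != null
                && (scheme.equalsIgnoreCase("http") || scheme.equalsIgnoreCase("https"))
                && ALLOWED_GOTO_HOSTS.contains(host.toLowerCase());
        } catch (URISyntaxException e) {
            return false; // unparsable values are dropped, not forwarded
        }
    }

    static String build(String accountId, String gotoURL) throws UnsupportedEncodingException {
        StringBuilder url = new StringBuilder(IDM_URL);
        char sep = '?';
        if (accountId != null) {
            url.append(sep).append("accountId=").append(URLEncoder.encode(accountId, "UTF-8"));
            sep = '&';
        }
        if (isAllowedGoto(gotoURL)) {
            url.append(sep).append("goto=").append(URLEncoder.encode(gotoURL, "UTF-8"));
        }
        return url.toString();
    }

    public static void main(String[] args) throws UnsupportedEncodingException {
        // Constructed inputs: markup in IDToken1 and a goto value on an unlisted host.
        System.out.println(build("jdoe\"><b>", "http://other.example.net/"));
        System.out.println(build("jdoe", "https://apps.example.com/portal"));
    }
}
```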

Procedure: To Use the Sample Account Lockout Message Page

  1. Locate the file opensso/integrations/idm/jsps/user_inactive.jsp in the opensso.zip distribution.

  2. Replace the deployed /web-container-deploy-base/opensso/config/auth/default/user_inactive.jsp with the modified file.

    Choose only one of the following options:

    You can replace your existing user_inactive.jsp with the sample user_inactive.jsp. If you choose this option, the following will occur:

    • You will lose any custom changes made to the existing user_inactive.jsp.

    • You will inherit changes that might have been previously made to the sample user_inactive.jsp to incorporate requirements for other use cases related to the OpenSSO integration with Identity Manager.

    • You must change the Identity Manager URL embedded in the user_inactive.jsp to reflect your Identity Manager system URL. Search for the string /idm in the sample Login.jsp file to locate these URLs.

      The Identity Manager URL used in the sample mentions the page anonResetPassword.jsp. However, you might want to direct the user to the forgotten-password page questionLogin.jsp instead. If the user has accidentally locked his account, he may not know his password to be able to reset it.

    Alternatively, you can manually make the changes to the file. If you choose this option, run the diff command to view the differences between the two files.

  3. Remove the web container's temporary, compiled JSP files to ensure that the changes are picked up.

    For example, if using GlassFish, the temporary, compiled classes can be found under glassfish-home/domains/your-domain/generated/.

  4. Restart the OpenSSO Enterprise web container after making the changes.