
Sun ONE Identity Server Programmer's Guide





Chapter 2   The Identity Server Console


The Identity Server console is a web interface for managing and monitoring identities, services and resources throughout the Identity Server deployment. It is built with Sun™ One Application Framework, a Java™ 2 Enterprise Edition (J2EE) web application framework used to help developers build functional web applications. XML files, Java Server Pages (JSP) and Cascading Style Sheets (CSS) are used to define the look of the web pages. This chapter explains the console, its pluggable architecture and how to customize it. It contains the following sections:


Overview


The Identity Server console is a browser-based interface for creating, managing and monitoring identities, web services and enforcement policies throughout an Identity Server deployment. It allows administrators with different levels of access restrictions to, among other things, create organizations, add (or remove) users to (or from) those organizations, and establish enforcement policies that protect and limit access to the organization's resources. Towards this end, the console ships with four modules: Identity Management (including user and policy management), Service Configuration, Current Sessions and Federation Management. Customization of these modules and the Identity Server console can be achieved, in varying degrees, by modifying the JSP and XML files of the graphical user interface (GUI) as well as extending the JATO ViewBeans.


Note

The client web browser must support JavaScript, v. 1.2 and Cascading Style Sheets.





Console Interface

The console is divided into three frames as pictured in Figure 2-1: Header, Navigation and Data. The Header frame displays branding information as well as the Full Name of the currently logged-in user. (The Full Name refers to the value of the cn attribute in the user's LDAP profile.) The Common Name, which may or may not be the same as the user ID, also links to the user's profile. The Header frame also contains a set of tabs to allow the user to switch between the management modules, hyperlinks to the Identity Server Help, a Search function for searching the directory information tree (DIT) and a Logout link. Actions performed in the Header frame affect the other two frames. The Navigation frame displays the object hierarchy of the module chosen. The Data frame displays the attributes of the object selected from the hierarchy in the Navigation frame.


Plug-In Modules

An external application may also be plugged in to the Identity Server console as a module, gaining complete control of the Navigation and Data frames for its specific functionality. In this case, a tab with the name of the custom application needs to be added to the Header frame. An XML definition of the module name, class, and i18n filename is used to track registered views and route request traffic to them. The application developer would create the JSPs for both left and right frames, and all view beans and models associated with them.

Architecture

When the Identity Server console receives an HTTP(S) request from a web browser, it first determines whether the requestor has been authenticated. If there is no valid single sign-on (SSO) token, the request is redirected to the Authentication Service. When the user has successfully authenticated to the Identity Server, the Authentication Service redirects the original request back to the console. The console is then built dynamically for the authenticated user based on the access assigned to them.
Figure 2-1    The Identity Server Console
Screenshot of the Identity Server console


Customizing The Console


The Identity Server console uses JSP, CSS and XML files to define the look and feel of the HTML pages used to generate its frames. An administrator can customize the console by changing the tags in these files accordingly. All of these files can be found in the <identity_server_root>/SUNWam/web-apps/applications/console directory. The files in this directory provide a default interface. To customize the console for a specific organization, this console directory could be copied and renamed to reflect the name of the organization (or any value). It would be placed at the same directory level as the default and the files within it would then be modified as needed. For example, the customized console files for the organization dc=example,dc=com could be found in the <identity_server_root>/SUNWam/web-apps/applications/example directory. (The console can also be modified by simply replacing the default images in <identity_server_root>/SUNWam/web-apps/applications/console/images with new, similarly named images.)

Default Console Directory

The look and feel of the console is defined by both CSS and JSP. These files are contained in the default console directory, located in <identity_server_root>/SUNWam/web-apps/applications/. When copied and renamed for a specific organization, the files can be modified to reflect the organization's standards. Following is the default structure of the directory:

Creating Custom Organization Files

To customize the Identity Server console for a specific organization, the default console directory should first be copied and renamed (ideally to reflect the name of the organization). The copy is placed on the same level as the default directory and the files modified as needed.
  1. Change to the directory where the default templates are stored.
    cd <identity_server_root>/SUNWam/web-apps/applications
  2. Create a new directory at that level.
    The directory name could be the name of the organization.
  3. Copy all the properties and JSP files from the console directory into the new directory.
    In the <identity_server_root>/SUNWam/web-apps/applications directory there is already a console folder that contains the properties and JSP files that should be copied into the organization's new directory. Ensure that any image files are also copied into this directory.
  4. Customize the files in the new directory.
    Modify any of the files in the new directory to reflect the organization.
  5. Modify the AMBase.jsp file.
    This file can be found in <identity_server_root>/SUNWam/web-apps/applications/console/base. The line String console = "../console"; needs to be changed to String console = "../<new_directory_name>";. The String consoleImages tag also needs to be changed to reflect a new image directory, if applicable. The contents of the file are copied in Code Example 2-1.

    Code Example 2-1    The AMBase.jsp File

    <!--
    Copyright © 2002 Sun Microsystems, Inc. All rights reserved.
    Use is subject to license terms.
    -->

    <% String console = "../console";
    String consoleUrl = console + "/";
    String consoleImages = consoleUrl + "images";
    %>



  6. Modify the JSP Directory Name attribute in the particular organization's Administration Service.
    This attribute will point the Authentication Service to the directory which contains the organization's customized console interface.
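
Steps 1 through 5 as a script, added here as an example; it is not part of the original guide, and the function names are hypothetical. It assumes AMBase.jsp still contains the default line shown in Code Example 2-1, and it restricts the new directory name to letters, digits, "_" and "-" because that name is written into JSP source and used as a path component.

```shell
#!/bin/sh
# Added example (not from the guide). Hypothetical helpers for steps 1-5.
# usage: create_org_console <identity_server_root>/SUNWam/web-apps/applications <name>

# The new directory name is written into JSP source and used as a path
# component, so accept only letters, digits, "_" and "-" (no quotes, "/" or "..").
valid_console_name() {
    case "$1" in
        ""|console|*[!A-Za-z0-9_-]*) return 1 ;;
        *) return 0 ;;
    esac
}

create_org_console() {
    apps=$1
    name=$2
    base="$apps/console/base/AMBase.jsp"

    valid_console_name "$name" || { echo "invalid directory name: $name" >&2; return 2; }
    [ -f "$base" ] || { echo "not found: $base" >&2; return 3; }
    [ ! -e "$apps/$name" ] || { echo "already exists: $apps/$name" >&2; return 4; }

    # Refuse to edit unless the default line from Code Example 2-1 is present once.
    n=$(grep -c 'String console = "\.\./console";' "$base" || true)
    [ "$n" -eq 1 ] || { echo "unexpected AMBase.jsp contents" >&2; return 5; }

    # Steps 2-3: copy JSP, properties and image files, keeping modes and times.
    # The copy keeps an unmodified AMBase.jsp, which serves as the rollback reference.
    cp -Rp "$apps/console" "$apps/$name" || return 6

    # Step 5: rewrite the console line through a temporary file, then swap it in.
    sed "s|String console = \"\.\./console\";|String console = \"../$name\";|" \
        "$base" > "$base.new" || return 6
    mv "$base.new" "$base"
}
```

Step 4 (editing the copied files) and step 6 (setting JSP Directory Name in the Administration Service) remain manual.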

Precompiling JSP Files

The JSP files used for the console interface need to be compiled. By default, the files are compiled automatically when the first user accesses the console. Because of this, the first user must wait before they are directed to the interface. The system administrator can precompile the JSPs by running the following command:
<identity_server_root>/SUNWam/servers/bin/https/bin/jspc -webapp <identity_server_root>/SUNWam/web-apps/applications


Customizing The User Profile View


The Identity Server console creates a default User profile view based on information defined in amUser.xml. (Attributes defined as User attributes in specific XML service files can also be displayed.) A customized User profile view with functionality more appropriate to the organization's environment can be defined by creating a new ViewBean and/or a new JSP.


Note

A ViewBean is a JavaBean written specifically for rendering display. In Identity Server, each identity has its own Profile ViewBean. For example, the user profile has the UMUserProfileViewBean.




To illustrate, an organization might want User profile attributes to be formatted differently than the default vertical listing provided. Another customization option would be to break up complex attributes into smaller ones. Currently, the server names are listed as <protocol>://<Identity Server_host.domain>:<port>. Instead, the display can be customized with three fields:
<protocol_chooser_field>://<server_text_field>:<port_text_field>.
For a third option, JavaScript can be added to the ViewBean to dynamically update attribute values based on other defined input. The custom JSP should be placed in the <identity_server_root>/SUNWam/web-apps/applications/console/user directory and the ViewBean placed in the classpath com.iplanet.am.console.user. The value of the attribute User Profile Display Class in the Administration Service (iplanet-am-admin-console-user-profile-class in the amAdminConsole.xml service file) would then be changed to the name of the newly created ViewBean. The default value of this attribute is com.iplanet.am.console.user.UMUserProfileViewBean.


Miscellaneous Customizations


Included in this section are instructions for several customizations that can be configured for the Identity Server console.

Changing Default Attribute Display

The console auto-generates pages based on the definition of a service's attributes in an XML service definition file. As documented in "The sms.dtd Structure", each service attribute is defined with the XML attributes type and syntax. Type specifies the kind of value the attribute will take; syntax defines the format of the value. The syntax can be changed to alter the console display. Table 2-1 is a listing of the different values that can be used with these XML attributes.


Table 2-1    Attribute Display Elements

Type               Syntax       UI Element
Single             boolean      checkbox
                                radio button
                   string       text field
                                link
                                button
                   password     text field
                   paragraph    scrolling text field
list               string       value list choices
                                value list choices
single_choice      string       pull-down menu choices
                                radio button choices
multiple_choice    string       choice list

For example, an attribute of the single_choice type displays its values as a drop-down list which allows only one value to be selected. This list can also be presented as a set of radio buttons which allows only one value to be selected. Code Example 2-2 specifies the uitype for the attribute named test-attribute as radio button choices. If uitype is deleted from the attribute schema, the default drop-down menu is displayed.


Code Example 2-2    uitype XML Attribute Sample

<AttributeSchema name="test-attribute"
    type="single_choice"
    syntax="string"
    any="display"
    uitype="radio"
    i18nKey="d105">
    <ChoiceValues>
        <ChoiceValue i18nKey="u200">Daily</ChoiceValue>
        <ChoiceValue i18nKey="u201">Weekly</ChoiceValue>
        <ChoiceValue i18nKey="u202">Monthly</ChoiceValue>
    </ChoiceValues>
    <DefaultValues>
        <Value>Active</Value>
    </DefaultValues>
</AttributeSchema>




Localizing The Console

All textual resource strings used in the console can be found in the <identity_server_root>/SUNWam/locale/amAdminModuleMsgs.properties file. The default language is English (en_US). Modifying this file with messages in a foreign language will localize the console.

Customizing Background Colors

All background colors are configurable using the Identity Server style sheet adminstyle.css located in the <identity_server_root>/SUNWam/web-apps/applications/console/css directory. For instance, to change the background color for the navigation frame, modify the BODY.navFrame tag. It takes either a text value for standard colors (blue, green, red, yellow, etc.) or a hexadecimal value (#ff0000, #aadd22, etc.). Replacing the default with another value will change the background color of the navigation frame after the console is closed and reopened. Code Example 2-3 illustrates this concept.


Code Example 2-3    BODY.navFrame Portion of adminstyle.css

BODY.navFrame {
    color: black;
    background: #ffffff;
}




Plugging In A New Module

The attribute View Menu Entries in the Administration Service (iplanet-am-admin-console-view-menu in the amAdminConsole.xml service file) carries the names of the modules plugged into the Identity Server console. More information on the service file can be found in Chapter 6 "Service Management."

Displaying Container Objects

To get container objects to display in the Identity Server console, the following attributes need to be enabled in the Administration Service.
Display Containers In Menu must be enabled in order for the console to show either people containers or group containers.


Console Sample


Sample files have been included to help understand how the Identity Server console can be customized. They help to explain the Java™ 2 Enterprise Edition (J2EE) web application framework used. In addition, Java classes are extended from the console APIs and new JSP files are created. Existing XML and properties files are also used. These files are located in <identity_server_root>/SUNWam/samples/console. Open the README file in this directory for instructions on how to run the sample.


Copyright 2002   Sun Microsystems, Inc. All rights reserved.
Last Updated December 02, 2002