Managing Web Pages

With MIRACL Trust SSO it is possible to configure web pages to display error messages, a logout page, a list of authorized Service Providers the logged in user has access to and a page which requires to enter user_id for the authentication.

A simple example of an authorized SP page would be:

authorized-sps-web-page

Default HTML templates

If the pages parameters are not populated then it defaults to auto-populating the template parameters with very simple html 1.0 code, which is suitable for local testing of the program.

For testing, the /etc/miracl-sso/integrations/pages_template.yaml file contains parameters that can be used to load simple html templates for displaying error, logout and services pages (remember that these parameters do not have to be stored in this file, they can be stored in any file that is then listed in the config.yaml includes list):

pages:
  error:
    template: >-
      <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
      "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html
      xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type"
      content="text/html; charset=UTF-8" /><title>SSO
      ERROR</title></head><body><h1>SSO ERROR</h1><h2>{{.Data}}</h2><div><a
      href="{{.URL}}/services" title="SSO Login">SSO LOGIN</a> <a
      href="{{.URL}}/logout" title="Terminate the main SSO session">SSO
      LOGOUT</a></div><div><table><tr><th>FIELD</th><th>VALUE</th></tr>
      <tr><td>Program</td><td>{{.Program}}</td></tr><tr><td>Version</td>
      <td>{{.Version}}</td></tr><tr><td>Release</td><td>{{.Release}}</td></tr><tr><td>IdP
      URL</td><td>{{.URL}}</td></tr><tr><td>DateTime</td><td>{{.DateTime}}</td></tr>
      <tr><td>Timestamp</td><td>{{.Timestamp}}</td></tr><tr><td>Status</td>
      <td>{{.Status}}</td></tr><tr><td>Code</td><td>{{.Code}}</td></tr>
      <tr><td>Message</td><td>{{.Message}}</td></tr><tr><td>Data</td>
      <td>{{.Data}}</td></tr></table></div></body></html>
  logout:
    template: >-
      <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
      "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html
      xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type"
      content="text/html; charset=UTF-8" /><title>SSO
      LOGOUT</title></head><body><h1>SSO LOGOUT</h1><h2>The IDP Session has been
      successfully deleted</h2><div><a href="{{.URL}}/services" title="SSO Login">SSO
      LOGIN</a></div><h3>Logout links of visited Service Providers:</h3><ul>{{ range
      $name, $logout := .SPList }}<li><a href="{{ $logout }}" title="Logout from {{
      $name }}" target="_blank">{{ $name }}</a></li>{{ end }}</ul></body></html>
  services:
    template: >-
      "<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
      "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html
      xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type"
      content="text/html; charset=UTF-8" /><title>SSO Authorized Service
      Providers</title></head><body><h1>SSO Authorized Service
      Providers</h1><h2>{{.SessionUserName}}</h2><div><a href="{{.URL}}/logout"
      title="Terminate the main SSO session">SSO LOGOUT</a></div><ul>{{ range $sp :=
      .SPList }}<li><strong>{{ $sp.Name }}</strong> <em>{{ $sp.Description
      }}</em><ul><li><a href="{{ $sp.IDPLogin }}" title="IdP-Login: {{ $sp.Description
      }}" target="_blank">IdP-initiated login</a></li><li><a href="{{ $sp.Login }}"
      title="Login: {{ $sp.Description }}" target="_blank">Login Page</a></li><li><a
      href="{{ $sp.Logout }}" title="Logout: {{ $sp.Description }}"
      target="_blank">Logout</a></li></ul></li>{{ end }}</ul></body></html>"
  user_id:
    template: >-
      "<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" 
      "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html 
      xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type"
      content="text/html; charset=UTF-8" /><title>SSO User ID</title></head>
      <body><form action="{{.URL}}/services"><label for="userid">Enter the user
      id you want to authenticate with</label><br><input type="text" id="userid" 
      name="userid" value=""><br><input type="submit" value="Submit"></form></body></html>"

You note that the above snippet is different to the actual /etc/miracl-sso/integrations/pages_template.yaml file. It contains the templates that the config schema loads by default if no web page parameters are filled in (for either html templates or fully-configured web pages).

  • The program is set up to serve authentication errors (404s, LDAP errors, SAML errors etc.) in json format. The above error page template example shows the variables that are available. Note that the Data field contains the error message.

  • It is possible to configure a logout page which gives a list of services the user is logged into for the current session. The logout page is served at the /logout endpoint of your server. Visiting this deletes the cookie associated with the session. The user can then click on any of these services to log out of that particular service (the logout links are configured in the individual SP config sections).

  • It is possible to make use of the /services endpoint to present a ‘landing page’ list of services that the user is authorized to access. Accessing this endpoint presents the user with a QR or browser login page, followed by a ‘landing page’ which presents the SPs that user is authorized to access by LDAP/AD config as below.

  • When the MIRACL Trust SSO has multiple configured IdPs and some of them contain user privilegies rules, it needs to know the user id before handling the request. Then /user_id page is called, so the user could enter the user_id which they want the request to be authorized with.