27.5 Implementing Impersonation in Custom Portal Pages

This section describes how to adapt your custom portal pages for Impersonation. To determine whether you have customized Identity Server, see Section 4.1.3, Customizing Identity Server.

To implement the customization in your customized Identity Server, you must understand which files to modify and when to display the modified files.

27.5.1 Understanding the Specific JSP Files

Access Manager uses two .jsp files that control how Impersonation functions. You can load these files as stand-alone web pages, or into an iFrame on an existing web page. The files are defined in the following table:

Table 27-1 Impersonation JSP Files

| File name | Location | Description |
| --- | --- | --- |
| impersonator.jsp | https://NIDP-hostname:port/nidp/jsp/impersonator.jsp | The impersonator.jsp file controls all impersonator actions, including sending a help desk session request to the impersonatee, seeing the status of a help desk session request that has already been sent, canceling a help desk session request, and ending a current help desk session. |
| impersonatee.jsp | https://NIDP-hostname:port/nidp/jsp/impersonatee.jsp | The impersonatee.jsp file controls all impersonatee actions, including seeing a help session request from the impersonator, approving or denying the request, and seeing whether a previously approved request is active or has ended. |

If you have built a custom user portal for your users, there is an additional file you must edit. The file is located on Identity Server at /opt/novell/nids/lib/webapp/jsp/impersonator.jsp. You need to make a change to the default login page (line 218):

window.parent.location = "/nidp/portal";

The change you make depends on whether the custom user portal loads as an iFrame or as a stand-alone web page.

iFrame: You must change "/nidp/portal" to be the full URL of the page that loads when an active impersonation session starts. For example:

window.parent.location="URL of the page that loads after an active impersonation session starts"

Stand-alone web page: You must change the line to:

window.location="URL of the page that loads after an active impersonation session starts"

27.5.2 Determining when to Show the Specific JSP Files

Your custom web pages must include logic that decides when to show the impersonator.jsp file or the impersonatee.jsp file for a specific authenticated session. Use the following information to build that logic and the impersonation menu options in the web pages.

There is an endpoint in Identity Server that the default User Portal uses to determine which impersonation-related menu items to display for a particular end-user session. The endpoint is located at: https://NIDP-hostname:port/nidp/portal/uiIcons.xml

When you send an HTTP GET request to that endpoint from an authenticated session, it returns XML similar to the following:

<UIIcons>
<UIIcon altText="Help Desk Session..." linkTarget="_top" tags="LANDING_PAGE|width=425|type=dialog|height=300" title="Help Desk Session..." url="nidp/jsp/impersonatee.jsp"/>
<UIIcon altText="Start Help Desk Session..." linkTarget="_top" tags="LANDING_PAGE|width=425|type=dialog|height=300" title="Start Help Desk Session..." url="nidp/jsp/impersonator.jsp"/>
</UIIcons>

Within the UIIcons element, there are zero, one, or two child elements named UIIcon. The title attribute on those elements is one of the following three strings (if the user's locale indicates English):

End Help Desk Session

  • When this element is available, the default User Portal displays a menu item with the same name. When a user selects this menu item, it ends impersonation by calling https://NIDP-hostname:port/nidp/app/ilogout.

    NOTE: The impersonator.jsp file also includes a way to end a current impersonation session, so you do not need to check or act on this particular element if you have implemented this in the impersonator.jsp file.

  • This element is available only if the Impersonation feature is enabled in Administration Console, and only if the currently authenticated session is an active impersonation session.

  • When this element is available, the other two elements, Start Help Desk Session and Help Desk Session, are not available.

Start Help Desk Session

  • When this element is available, the default User Portal displays a menu item with the same name. When a user selects this menu item, the User Portal loads impersonator.jsp in an iFrame.

  • This element is available only if the Impersonation feature is enabled in Administration Console, the currently authenticated session is not an active impersonation session, and the currently authenticated user has a help desk role (as configured in the Impersonation feature configuration in Administration Console).

  • When this element is available, the Help Desk Session element is also available.

Help Desk Session

  • When this element is available, the default User Portal displays a menu item with the same name. When a user selects this menu item, the User Portal loads the impersonatee.jsp file in an iFrame.

  • This element is available only if the Impersonation feature is enabled in Administration Console, and the currently authenticated session is not an active impersonation session.

  • When this element is available, the Start Help Desk Session element might also be available, if the currently authenticated user has a help desk role (as configured in the Impersonation feature configuration in Administration Console).
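
The following is an added example, not code shipped with Access Manager: it turns a uiIcons.xml response into a session state using the availability rules above, and it loads only fixed paths named on this page rather than the url attribute returned by the endpoint. The function names, state names, and the regular-expression reader are assumptions made for the example, and matching is on the English titles.

```javascript
// Added example. Paths are the ones the page names; the portal loads these
// fixed values and never the url attribute taken from the response.
const PAGES = new Map([
  ["Start Help Desk Session", "/nidp/jsp/impersonator.jsp"],
  ["Help Desk Session", "/nidp/jsp/impersonatee.jsp"],
  ["End Help Desk Session", "/nidp/app/ilogout"],
]);

// Response shown on the page (help desk user, no active impersonation).
const HELP_DESK_XML = `<UIIcons>
<UIIcon altText="Help Desk Session..." linkTarget="_top" tags="LANDING_PAGE|width=425|type=dialog|height=300" title="Help Desk Session..." url="nidp/jsp/impersonatee.jsp"/>
<UIIcon altText="Start Help Desk Session..." linkTarget="_top" tags="LANDING_PAGE|width=425|type=dialog|height=300" title="Start Help Desk Session..." url="nidp/jsp/impersonator.jsp"/>
</UIIcons>`;

// Minimal reader for the flat <UIIcon .../> elements; in a browser,
// DOMParser can replace it. Titles are the English ones the page lists.
function readTitles(xml) {
  const titles = [];
  for (const m of xml.matchAll(/<UIIcon\s([^>]*)>/g)) {
    const t = /(?:^|\s)title="([^"]*)"/.exec(m[1]);
    // The sample response carries a trailing "..." on each title.
    if (t) titles.push(t[1].replace(/[.\s]+$/, ""));
  }
  // Unknown titles are dropped, so nothing outside PAGES is ever shown.
  return titles.filter((t) => PAGES.has(t));
}

// Maps the response to a session state and the pages the portal may show.
function impersonationMenu(xml) {
  const titles = readTitles(xml);
  const has = (t) => titles.includes(t);
  const page = (t) => PAGES.get(t);
  if (has("End Help Desk Session")) {
    // The page states the other two items are absent in this state.
    if (titles.length > 1) return { state: "inconsistent", show: [] };
    return { state: "impersonating", show: [page("End Help Desk Session")] };
  }
  if (has("Start Help Desk Session")) {
    // The page states Help Desk Session accompanies Start.
    if (!has("Help Desk Session")) return { state: "inconsistent", show: [] };
    return { state: "help-desk", show: [page("Start Help Desk Session"), page("Help Desk Session")] };
  }
  if (has("Help Desk Session")) return { state: "user", show: [page("Help Desk Session")] };
  return { state: "none", show: [] };
}
```

A response that breaks the stated combinations returns the "inconsistent" state with nothing to show, so the custom portal hides the impersonation menu instead of guessing.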