NOTE:
As of 6.4.0.26, the custom login page must reside on your webNetwork server.
The following line must also be included in the login form:
<input type="hidden" name="csrfToken" value="<c:out value='${csrfToken}'/>"/>
While we currently allow CSS customization of the login page, a customer can only go so far with that. For the most part, they can only change the login box size, logo, colors, fonts, etc. If they want a completely custom login page, there are two options.
1. Embed loginForm.jsp into an existing or custom page. loginForm.jsp (located under /webserv) contains the logic to display a login form (i.e. – username, password) and a submit button. If the style of the login form needs to be changed, it can be done so through the Profile Editor.
2. Customize our login pages. This method is not recommended because if they change our files, then they will lose them after an upgrade. They can rename all of the affected files to avoid this, but even that has its issues. If they want to go this route, here is what they will need to change:
1. LoginPolicy.jsp. This page is loaded directly after index.jsp. It is the starting point for customizations to the login page. This is the page that will load if Login Policies are enabled. If not, NoLoginPolicy.jsp will load, which I am not covering in this document. This page has very little in it; instead, it pulls from different JSPF (JSP Fragment) files to do its work. It was done this way, so that changes can be made to the fragments, and those changes will show up in all of the ‘login pages’, such as Reset Password.
2. commonHeadWebOS.jspf – located under /webserv/WEB-INF/jspf, this file contains some header tags, page title, stylesheet includes, and dojo javascript includes. No actual page markup is in this file.
3. Next, LoginPolicy.jsp has one css selector in a <style/> block. This is used to override the default height of the login box. This value can be changed in the Profile Editor, via a setting (as of 5.3).
4. commonContentHeaderWebOS.jspf – this jsp fragment includes the first actual html that can be modified. This includes the first portion of the dojo login box html, as well as the company logo. Most dojo settings in here can be customized via Settings in the Profile Editor, or through style in Login Pages section. If customers choose, they can edit this file to make changes to all login pages.
5. loginForm.jspf - This file will read the LoginPolicy and output the appropriate inputs and a submit button. This file should not be edited. The style of the inputs and button can be edited from the Profile Editor
6.
commonContentFooterWebOS.jspf – this file contains the closing html of the login page. The login box is closed out and the copyright text is output. The very last <div/> in there corresponds to the LoginBox div in commonContentHeaderWebOS.jspf. So, customers should be careful to close any tags in here, that weren’t closed in commonContentHeaderWebOS.jspf.
Of course, customers don’t have to follow this convention. They can just edit LoginPolicy.jsp to whatever they want, as long as they keep loginForm.jsp. However, if they do this, none of the other login pages, error pages, etc will match their new style.