Modify single sign-on for SAML pages
You can customize the IBM® Security Verify single sign-on (SSO) for Security Assertion Markup Language (SAML) pages for your business.
For more information about SAML authentication, see A SAML Enterprise identity provider.
To update the SAML pages, download the compressed theme file. Edit the pages as needed and then upload the updated themes file back to your tenant. For more information, see Updating a theme.
The IBM Security Verify SAML pages are located in the templates\authentication\saml\ directory within the themes compressed file.
The following SAML pages are available for customization:
The SAML error pages are located in the templates\authentication\saml\error\default directory.
The SAML error pages are:
This page is displayed when a SAML access verification is denied. Update the access_denied_error.html file to modify the page. Text changes can be made to the page by using HTML markup.
- $GENERIC_ACCESS_DENIED_ERROR_TITLE$
- $GENERIC_ACCESS_DENIED_ERROR_MESSAGE$
- $GENERIC_ACCESS_DENIED_ERROR_DESCRIPTION$
- $GENERIC_ERROR_OCCURRED_AT$
- $GENERIC_ERROR_CONTACT_SUPPORT$
- $GENERIC_ERROR_SUPPORT_URL$
- $GENERIC_ERROR_VIEW_DETAILS$
- $GENERIC_ERROR_HIDE_DETAILS$
The SAML page that is displayed when a generic error occurs. Update the generic_error.html file to modify the page. Text changes can be made to the page by using HTML markup.
- $GENERIC_ERROR_TITLE$
- $GENERIC_ERROR_HEADER$
- $GENERIC_ERROR_OCCURRED_AT$
- $GENERIC_ERROR_REQUEST_ADDRESS$
- $GENERIC_ERROR_ERROR_DETAILS$
- $GENERIC_ERROR_CONTACT_SUPPORT$
- $GENERIC_ERROR_SUPPORT_URL$
- $GENERIC_ERROR_VIEW_DETAILS$
- $GENERIC_ERROR_HIDE_DETAILS$
This page is displayed when a component is missing during SAML authentication. Update the missing_component_error.html file to modify the page. Text changes can be made to the page by using HTML markup.
- $GENERIC_MISSING_COMPONENT_ERROR_TITLE$
- $GENERIC_MISSING_COMPONENT_ERROR_MESSAGE$
- $GENERIC_MISSING_COMPONENT_ERROR_DESCRIPTION$
- $GENERIC_ERROR_OCCURRED_AT$
- $GENERIC_ERROR_REQUEST_ADDRESS$
- $GENERIC_ERROR_ERROR_DETAILS$
- $GENERIC_ERROR_CONTACT_SUPPORT$
- $GENERIC_ERROR_SUPPORT_URL$
- $GENERIC_ERROR_VIEW_DETAILS$
- $GENERIC_ERROR_HIDE_DETAILS$
This page is displayed when SAML authentication is required. Update the need_authentication_error.html file to modify the page. Text changes can be made to the page by using HTML markup.
- $GENERIC_NEED_AUTHENTICATION_ERROR_TITLE$
- $GENERIC_NEED_AUTHENTICATION_ERROR_MESSAGE$
- $GENERIC_NEED_AUTHENTICATION_ERROR_DESCRIPTION$
- $GENERIC_ERROR_OCCURRED_AT$
- $GENERIC_ERROR_REQUEST_ADDRESS$
- $GENERIC_ERROR_CONTACT_SUPPORT$
- $GENERIC_ERROR_SUPPORT_URL$
- $GENERIC_ERROR_VIEW_DETAILS$
- $GENERIC_ERROR_HIDE_DETAILS$
This page is displayed when there's a SAML protocol error during authentication. Update the protocol_error.html file to modify the page. Text changes can be made to the page by using HTML markup.
- $GENERIC_PROTOCOL_ERROR_TITLE$
- $GENERIC_PROTOCOL_ERROR_MESSAGE$
- $GENERIC_PROTOCOL_ERROR_DESCRIPTION$
- $GENERIC_ERROR_OCCURRED_AT$
- $GENERIC_ERROR_REQUEST_ADDRESS$
- $GENERIC_ERROR_CONTACT_SUPPORT$
- $GENERIC_ERROR_SUPPORT_URL$
- $GENERIC_ERROR_VIEW_DETAILS$
This page is displayed when there's a SAML routing error during authentication. Update the routing_error.html file to modify the page. Text changes can be made to the page by using HTML markup.
- $GENERIC_NO_PROT_DET_ERROR_TITLE$
- $GENERIC_NO_PROT_DET_ERROR_MESSAGE$
- $GENERIC_NO_PROT_DET_ERROR_DESCRIPTION$
- $GENERIC_ERROR_OCCURRED_AT$
- $GENERIC_ERROR_REQUEST_ADDRESS$
- $GENERIC_ERROR_CONTACT_SUPPORT$
- $GENERIC_ERROR_SUPPORT_URL$
- $GENERIC_ERROR_VIEW_DETAILS$
- $GENERIC_ERROR_HIDE_DETAILS$
The SAML SSO pages are located in the templates\authentication\saml\sso\default directory.
The SAML SSO pages are:
The consent to federate page is an HTML form that prompts a user to give consent in joining a federation. You can customize the consent to federate page to specify what information it requests from a user. Update the saml_consent_to_federate.html file to modify the page.
- $SAML2_TITLE_CONSENT$
- $SAML2_MESSAGE_CONSENT_DESCRIPTION$
- $SAML2_MESSAGE_CONSENT_QUESTION$
- $SAML2_BUTTON_CONSENT_DENY$
- $SAML2_BUTTON_CONSENT_APPROVE$
The NameID management success page is displayed when the Name Identifier for the SAML assertion to the service provider is authenticated. For more information, see Configuring the SAML subject and mapping attributes. Update the saml_name_id_management_success.html file to modify the page.
- $SAML2_TITLE_NIMGMT_SUCCESS$
- $SAML2_TITLE_NIMGMT_UPDATE_SUCCESS$
- $SAML2_MESSAGE_NIMGMT_UPDATE_SUCCESS$
- $SAML2_TITLE_NIMGMT_TERMINATE_SUCCESS$
- $SAML2_MESSAGE_NIMGMT_TERMINATE_SUCCESS$
As a service provider, a SAML request is sent to the identity source from the user browser to authenticate the user and generate a SAML token. The SAML post request page is displayed when the user's browser receives the SAML authorization request message before the requested identity source authenticates the user. Update the saml_request_post.html file to modify the page.
- $SAML_POST_REQUEST_TITLE$
- $SAML_POST_REQUEST_BUTTON$
- $SAML_POST_REQUEST_WAIT$
When an application is accessed, the SAML Post Response page is displayed after the user is authenticated successfully, the SAML token is generated and sent to the application from user's browser. The SAML Post Response page is displayed when the user's browser receives the SAML token response before access is granted to the requested application. Update the saml_response_post.html file to modify the page.
- $SAML_POST_RESPONSE_TITLE$
- $SAML_POST_RESPONSE_BUTTON$
- $SAML_POST_RESPONSE_WAIT$
The single logout response page is displayed to the user when logging out of IBM Security Verify. The state of the logout is displayed on the page. Update the saml_single_logout_result.html file to modify the page.
- $SAML2_LABEL_LOGOUT_SUCCESS$
- $SAML2_LABEL_LOGOUT_FAILED$
- $SAML2_TITLE_LOGOUT_SUCCESS$
- $SAML2_LOGOUT_RESULT_SUCCESS$
- $SAML2_TITLE_LOGOUT_NO_LOGIN$
- $SAML2_LOGOUT_RESULT_NO_LOGIN$
- $SAML2_TITLE_LOGOUT_PARTIAL$
- $SAML2_LOGOUT_RESULT_PARTIAL$
- $SAML2_LABEL_LOGOUT_SUCCESS$
- $SAML2_TITLE_LOGOUT_FAILED$
- $SAML2_LOGOUT_RESULT_FAILED$
- $SAML2_LABEL_LOGOUT_NOT_SUPPORTED$
- $SAML2_LABEL_LOGOUT_NO_RESPONSE$
- $PRODUCT_NAME$
To change the page header, footer, and style on the SAML pages, see Create common branding.