Modify single sign-on for SAML pages

You can customize the IBM® Security Verify single sign-on (SSO) for Security Assertion Markup Language (SAML) pages for your business.

For more information about SAML authentication, see A SAML Enterprise identity provider.

To update the SAML pages, download the compressed theme file. Edit the pages as needed and then upload the updated themes file back to your tenant. For more information, see Updating a theme.

The IBM Security Verify SAML pages are located in the templates\authentication\saml\ directory within the themes compressed file.

The following SAML pages are available for customization:

SAML Error pages

The SAML error pages are located in the templates\authentication\saml\error\default directory.

The SAML error pages are:

Modify access denied error page

This page is displayed when a SAML access verification is denied. Update the access_denied_error.html file to modify the page. Text changes can be made to the page by using HTML markup.

The following labels are available on the SAML error page. To update the text on these labels, see Customizing labels.
  • $GENERIC_ACCESS_DENIED_ERROR_TITLE$
  • $GENERIC_ACCESS_DENIED_ERROR_MESSAGE$
  • $GENERIC_ACCESS_DENIED_ERROR_DESCRIPTION$
  • $GENERIC_ERROR_OCCURRED_AT$
  • $GENERIC_ERROR_CONTACT_SUPPORT$
  • $GENERIC_ERROR_SUPPORT_URL$
  • $GENERIC_ERROR_VIEW_DETAILS$
  • $GENERIC_ERROR_HIDE_DETAILS$
Modify generic error page

The SAML page that is displayed when a generic error occurs. Update the generic_error.html file to modify the page. Text changes can be made to the page by using HTML markup.

The following labels are available on the SAML generic error page. To update the text on these labels, see Customizing labels.
  • $GENERIC_ERROR_TITLE$
  • $GENERIC_ERROR_HEADER$
  • $GENERIC_ERROR_OCCURRED_AT$
  • $GENERIC_ERROR_REQUEST_ADDRESS$
  • $GENERIC_ERROR_ERROR_DETAILS$
  • $GENERIC_ERROR_CONTACT_SUPPORT$
  • $GENERIC_ERROR_SUPPORT_URL$
  • $GENERIC_ERROR_VIEW_DETAILS$
  • $GENERIC_ERROR_HIDE_DETAILS$
Modify missing component error page

This page is displayed when a component is missing during SAML authentication. Update the missing_component_error.html file to modify the page. Text changes can be made to the page by using HTML markup.

The following labels are available on the SAML error page. To update the text on these labels, see Customizing labels.
  • $GENERIC_MISSING_COMPONENT_ERROR_TITLE$
  • $GENERIC_MISSING_COMPONENT_ERROR_MESSAGE$
  • $GENERIC_MISSING_COMPONENT_ERROR_DESCRIPTION$
  • $GENERIC_ERROR_OCCURRED_AT$
  • $GENERIC_ERROR_REQUEST_ADDRESS$
  • $GENERIC_ERROR_ERROR_DETAILS$
  • $GENERIC_ERROR_CONTACT_SUPPORT$
  • $GENERIC_ERROR_SUPPORT_URL$
  • $GENERIC_ERROR_VIEW_DETAILS$
  • $GENERIC_ERROR_HIDE_DETAILS$
Modify need authentication error page

This page is displayed when SAML authentication is required. Update the need_authentication_error.html file to modify the page. Text changes can be made to the page by using HTML markup.

The following labels are available on the SAML error page. To update the text on these labels, see Customizing labels.
  • $GENERIC_NEED_AUTHENTICATION_ERROR_TITLE$
  • $GENERIC_NEED_AUTHENTICATION_ERROR_MESSAGE$
  • $GENERIC_NEED_AUTHENTICATION_ERROR_DESCRIPTION$
  • $GENERIC_ERROR_OCCURRED_AT$
  • $GENERIC_ERROR_REQUEST_ADDRESS$
  • $GENERIC_ERROR_CONTACT_SUPPORT$
  • $GENERIC_ERROR_SUPPORT_URL$
  • $GENERIC_ERROR_VIEW_DETAILS$
  • $GENERIC_ERROR_HIDE_DETAILS$
Modify protocol error page

This page is displayed when there's a SAML protocol error during authentication. Update the protocol_error.html file to modify the page. Text changes can be made to the page by using HTML markup.

The following labels are available on the SAML error page. To update the text on these labels, see Customizing labels.
  • $GENERIC_PROTOCOL_ERROR_TITLE$
  • $GENERIC_PROTOCOL_ERROR_MESSAGE$
  • $GENERIC_PROTOCOL_ERROR_DESCRIPTION$
  • $GENERIC_ERROR_OCCURRED_AT$
  • $GENERIC_ERROR_REQUEST_ADDRESS$
  • $GENERIC_ERROR_CONTACT_SUPPORT$
  • $GENERIC_ERROR_SUPPORT_URL$
  • $GENERIC_ERROR_VIEW_DETAILS$
Modify routing error page

This page is displayed when there's a SAML routing error during authentication. Update the routing_error.html file to modify the page. Text changes can be made to the page by using HTML markup.

The following labels are available on the SAML error page. To update the text on these labels, see Customizing labels.
  • $GENERIC_NO_PROT_DET_ERROR_TITLE$
  • $GENERIC_NO_PROT_DET_ERROR_MESSAGE$
  • $GENERIC_NO_PROT_DET_ERROR_DESCRIPTION$
  • $GENERIC_ERROR_OCCURRED_AT$
  • $GENERIC_ERROR_REQUEST_ADDRESS$
  • $GENERIC_ERROR_CONTACT_SUPPORT$
  • $GENERIC_ERROR_SUPPORT_URL$
  • $GENERIC_ERROR_VIEW_DETAILS$
  • $GENERIC_ERROR_HIDE_DETAILS$
SAML Single Sign-on (SSO) pages

The SAML SSO pages are located in the templates\authentication\saml\sso\default directory.

The SAML SSO pages are:

Modify SAML consent to federate page

The consent to federate page is an HTML form that prompts a user to give consent in joining a federation. You can customize the consent to federate page to specify what information it requests from a user. Update the saml_consent_to_federate.html file to modify the page.

The following labels are available on the SAML consent to federate page. To update the text on these labels, see Customizing labels.
  • $SAML2_TITLE_CONSENT$
  • $SAML2_MESSAGE_CONSENT_DESCRIPTION$
  • $SAML2_MESSAGE_CONSENT_QUESTION$
  • $SAML2_BUTTON_CONSENT_DENY$
  • $SAML2_BUTTON_CONSENT_APPROVE$
Modify SAML NameID management success page

The NameID management success page is displayed when the Name Identifier for the SAML assertion to the service provider is authenticated. For more information, see Configuring the SAML subject and mapping attributes. Update the saml_name_id_management_success.html file to modify the page.

The following labels are available on the SAML name ID management success page. To update the text on these labels, see Customizing labels.
  • $SAML2_TITLE_NIMGMT_SUCCESS$
  • $SAML2_TITLE_NIMGMT_UPDATE_SUCCESS$
  • $SAML2_MESSAGE_NIMGMT_UPDATE_SUCCESS$
  • $SAML2_TITLE_NIMGMT_TERMINATE_SUCCESS$
  • $SAML2_MESSAGE_NIMGMT_TERMINATE_SUCCESS$
Modify SAML request post page

As a service provider, a SAML request is sent to the identity source from the user browser to authenticate the user and generate a SAML token. The SAML post request page is displayed when the user's browser receives the SAML authorization request message before the requested identity source authenticates the user. Update the saml_request_post.html file to modify the page.

The following labels are available on the SAML request post page. To update the text on these labels, see Customizing labels.
  • $SAML_POST_REQUEST_TITLE$
  • $SAML_POST_REQUEST_BUTTON$
  • $SAML_POST_REQUEST_WAIT$
Modify SAML response post page

When an application is accessed, the SAML Post Response page is displayed after the user is authenticated successfully, the SAML token is generated and sent to the application from user's browser. The SAML Post Response page is displayed when the user's browser receives the SAML token response before access is granted to the requested application. Update the saml_response_post.html file to modify the page.

The following labels are available on the SAML response post page. To update the text on these labels, see Customizing labels.
  • $SAML_POST_RESPONSE_TITLE$
  • $SAML_POST_RESPONSE_BUTTON$
  • $SAML_POST_RESPONSE_WAIT$
Modify SAML single logout response page

The single logout response page is displayed to the user when logging out of IBM Security Verify. The state of the logout is displayed on the page. Update the saml_single_logout_result.html file to modify the page.

The following labels are available on the single logout response page. To update the text on these labels, see Customizing labels.
  • $SAML2_LABEL_LOGOUT_SUCCESS$
  • $SAML2_LABEL_LOGOUT_FAILED$
  • $SAML2_TITLE_LOGOUT_SUCCESS$
  • $SAML2_LOGOUT_RESULT_SUCCESS$
  • $SAML2_TITLE_LOGOUT_NO_LOGIN$
  • $SAML2_LOGOUT_RESULT_NO_LOGIN$
  • $SAML2_TITLE_LOGOUT_PARTIAL$
  • $SAML2_LOGOUT_RESULT_PARTIAL$
  • $SAML2_LABEL_LOGOUT_SUCCESS$
  • $SAML2_TITLE_LOGOUT_FAILED$
  • $SAML2_LOGOUT_RESULT_FAILED$
  • $SAML2_LABEL_LOGOUT_NOT_SUPPORTED$
  • $SAML2_LABEL_LOGOUT_NO_RESPONSE$
  • $PRODUCT_NAME$

To change the page header, footer, and style on the SAML pages, see Create common branding.