Template page scripting

You can use JavaScript to add server-side scripting for Advanced Access Control and Federation template pages. You can use JavaScript functions, closures, objects, and delegations.

Usage

You can customize template files or pages on the server. For example, you can customize an error message that is displayed by the runtime server.

The template files menu is located under both the Secure Federation and Secure Access Control menus.

To edit a Federation template file, go Secure Federation > Template Files, select the specific template file, and click Edit.

To edit a Secure Access Control template file, go to Secure Access Control > Template Files, select the specific template file, and click Edit.

The JavaScript engine supports the following syntax:

Insert JavaScript code between <% and %>.
Embed JavaScript expressions between <%= and %>.

Example tasks

Access whitelisted Java classes. For example,
```
var javaStr = new java.lang.String("Hello")
```
Access all the macro variables through templateContext. The standard object to access a Java object is templateContext. For example,
```
templateContext.macros["@TIMESTAMP@"]
```
Use the document.write function to write content to the output stream. For example,
```
templateContext.response.body.write("Hello")
```

Examples

Template HTML Output

Table 1. Example JavaScript
Template HTML	Output
`<% var contents = {product:"ISAM",department:"Lab",country:"SG",region:"Asia"}; templateContext.response.body.write(contents.product); %>`	`ISAM`
`<% var date = templateContext.macros["@TIMESTAMP@"].substring(0, 10); templateContext.response.body.write(date); %>`	2017-01-25

<%
var contents = {product:"ISAM",department:"Lab",country:"SG",region:"Asia"};
templateContext.response.body.write(contents.product); 
%>

ISAM

<%
var date = templateContext.macros["@TIMESTAMP@"].substring(0, 10);
templateContext.response.body.write(date);
%>

2017-01-25

The following code example shows how to use repeatable macros. The following example shows an OAuth consent page.

<%
var test = templateContext.macros["oauthTokenScopeNewApprovalRepeatable"];
n = test.length;
for (i=0; i<n; i++){
		var scope = test[i]["@OAUTH_TOKEN_SCOPE_REPEAT@"];
		if (scope == "contacts"){
			label ="Do you grant permission to the client to access your phone book";
		}
		else if (scope == "photos"){
			label ="Do you grant permission to the client to access your photos";
		}
		else if (scope == "messages"){
			label ="Do you grant permission to the client to access your WhatsApp messages";
		}
		else{
			label ="Do you grant permission to the client to access your "+scope;
		}
%>

Limitations

JavaScript validation is done only when a template file is edited (imported) or created. A template file that is imported as a part of an Import compressed file is not validated.
You must restart the runtime manually to activate changes to OpenId Connect template files. In the administrative interface, click Secure Federation -> Runtime Tuning -> Restart Runtime.
When you access a variable, do not end the variable name with a semicolon. For example, in the following JavaScript, do not end <%=example%> with a semicolon <%=example;%>.
```
<%var example = "Hello World"; %> 
<%=example%>
```
The correct syntax is <%=example%>. Do not use the incorrect syntax <%=example;%>.
You cannot use the template page JavaScript with the following list of files:
- authsvc/usc/lost-id/email.xml
- authsvc/authenticator/email_message/email_message.xml
- otp/delivery/sms_message.xml
- otp/delivery/email_message.xml