There are cases where there default login behavior of the selfsrvice application is not adequate and we need to be interject some custom logic to change to enhance the default implementation.
Sample Use Case:
One example of this would be to check an external system, such as LDAP or Active Directory to determine if we should proceed to the Welcome or force the user to change their Password. To implement this type of functionality, we need extend the behavior of the default LoginController in the Selfservice application. This is by implementing a Groovy script that extends the ExtendController object. A template implementation has been provided in iamscripts/ui/selfservice/LoginController.groovy. This script implements the three methods listed below. However, only the pre() method is relevant in this case.
Pre() refers to pre-processing and this occurs before the default LoginController in the application makes any decisions about which screen to show. By the time this operation has been called, the user has already been successfully authenticated.
Passed in to Pre() are the following values:
- Command String - this is descriptive string that can be used to carry out multiple steps in a single operation
- objList - Map of objects. In this case is the UserId of the person that has logged in
- cmd - This is the Java LoginCommand object that is linked to the default Java LoginController
The following is a simple implementation:
Our implementation of the pre() method must return either ExtendCommand.SUCCESS_CONTINUE or ExtendController.SUCCESS_STOP
- SUCCESS_CONTINUE tells the calling framework to continue processing the default implementation after the script has been process.
- SUCCESS_STOP tells the framework to stop processing after the script has processed. In this case, the script has set the REDIRECT_URL. This tell the framework, which screen to show.