Sometimes it's necessary to provide a disclaimer on the login page. So legal aspects are considered.

When using "Single Sign On" (SSO) in TOS Aurora, only one page for access to SecureTrack, as well as SecureChange, is shown. This page refers to SecureTrack. If a separate disclaimer needs to be shown for SecureChange, SSO needs to be turned off. The same is required if a user is configured for SecureChange only.

 

SecureTrack (or SSO enabled)

There are two options to configure a disclaimer on this page. If the disclaimer consists of a single sentence and it doesn't need to be formatted, it can be added with this command:

#  kubectl exec -it deploy/keycloak-service -c keycloak-service -- manage_keycloak -r set_disclaimer --content "Access restricted"

This results in

If formatting is required, the disclaimer itself needs to be written into an HTML file. Please find an example below:

[root@TufinOS ~]# ll disclaimer.html
-rw-r----- 1 root root 110 Jan 12 18:03 disclaimer.html
[root@TufinOS ~]# cat disclaimer.html
<!DOCTYPE html>
<html><body>
<h1>Disclaimer</h1>
Please regard - <b>Access restricted</b>
</body></html>
[root@TufinOS ~]#

This file now needs to be imported into TOS Aurora. Before this can be done, the keycloak pod needs to be found.

# kubectl get pods | grep keycloak
keycloak-service-6cb5b94686-jjh9b                    1/1     Running     0          167m

The next action is to copy the file into this pod. Formally, the command looks like this:
  kubectl cp <disclaimer file> <keycloak pod>:<full path of the file in the pod> -c keycloak-service
Following the example above, the full command is

# kubectl cp disclaimer.html keycloak-service-6cb5b94686-jjh9b:/tmp/disclaimer.html -c keycloak-service
#

The next step is to apply this file as the disclaimer file for SecureTrack. Formally, the command looks like this:
  kubectl exec -it deploy/keycloak-service -c keycloak-service -- manage_keycloak -r set_disclaimer -f <full path of the file in the pod>

kubectl exec -it deploy/keycloak-service -c keycloak-service -- manage_keycloak -r set_disclaimer -f /tmp/disclaimer.html
#

The result looks like this

 

If you want to delete any disclaimer in SecureTrack, use this command:

#  kubectl exec -it deploy/keycloak-service -c keycloak-service -- manage_keycloak -r set_disclaimer --content ""

 

 

SecureChange

Customizing SecureChange is easier than it is for SecureTrack. The menu to customize SecureChange can be reached via Menu > Settings > Customization.
Having navigated to this page, the lower part called "Disclaimer" allows adding the text shown during the login. Basic formatting of the text is possible, too. When finished, press "Publish" - so the text will be shown during login.

Please be aware, that this disclaimer will be shown only if Single Sign On (SSO) is turned off (!)