Disclaimer for SecureTrack / SecureChange
Sometimes it's necessary to provide a disclaimer on the login page. So legal aspects are considered.
When using "Single Sign On" (SSO) in TOS Aurora, only one page for access to SecureTrack, as well as SecureChange, is shown. This page refers to SecureTrack. If a separate disclaimer needs to be shown for SecureChange, SSO needs to be turned off. The same is required if a user is configured for SecureChange only.
SecureTrack (or SSO enabled)
There are two options to configure a disclaimer on this page. If the disclaimer consists of a single sentence and it doesn't need to be formatted, it can be added with this command:
[root@TufinOS ~]# kubectl exec -it deploy/keycloak-service -c keycloak-service -- manage_keycloak -r set_disclaimer --content "Access restricted"
This results in
If formatting is required, the disclaimer itself needs to be written into an HTML file. Please find an example below:
[root@TufinOS ~]# ll disclaimer.html
-rw-r----- 1 root root 110 Jan 12 18:03 disclaimer.html
[root@TufinOS ~]# cat disclaimer.html
<!DOCTYPE html>
<html><body>
<h1>Disclaimer</h1>
Please regard - <b>Access restricted</b>
</body></html>
[root@TufinOS ~]#
Regarding the documentation delivered by Tufin, the command listed ccurrently there leads to an error.
The correct procedure is shown below.
Find the correct name of the pod running keycloak
[root@TufinOS ~]# kubectl get pods | grep keycloak
keycloak-service-85559fc884-tlpqp 1/1 Running 0 29d
[root@TufinOS ~]#
Then copy the disclaimer file into the (correct) pod and make it active
[root@TufinOS ~]# cat disclaimer.html | kubectl exec -i keycloak-service-85559fc884-tlpqp -c keycloak-service -- sh -c "cat > /tmp/disclaimer.html"
[root@TufinOS ~]# kubectl exec -it deploy/keycloak-service -c keycloak-service -- manage_keycloak -r set_disclaimer -f /tmp/disclaimer.html
The result looks like this
If you want to delete any disclaimer in SecureTrack, use this command:
# kubectl exec -it deploy/keycloak-service -c keycloak-service -- manage_keycloak -r set_disclaimer --content ""
SecureChange
Customizing SecureChange is easier than it is for SecureTrack. The menu to customize SecureChange can be reached via Menu > Settings > Customization.
Having navigated to this page, the lower part called "Disclaimer" allows adding the text shown during the login. Basic formatting of the text is possible, too. When finished, press "Publish" - so the text will be shown during login.
Please be aware, that this disclaimer will be shown only if Single Sign On (SSO) is turned off (!)