Skip to main content

Adding new functionality and HTML

The Bravura Security Fabric GUI is a set of HTML snippets loaded into the CGI program at run-time to dynamically construct web pages. Every time a Bravura Security Fabric CGI program displays an HTML page, it loads the relevant HTML snippets, replaces code in those snippets with session specific data and displays the resulting page in the user’s web browser.

CGI plugins provide additional HTML snippets and extend the functionality of Bravura Security Fabric web pages, including the:

  • Change passwords page of the Help users (IDA) module

  • Change passwords page of the Change passwords (PSS) module

  • Password change results (password status) page of the Change passwords (PSS) module

  • Main menu (self-service options) page of the Front-end (PSF)

CGI plugin sequence of events

In general, a CGI program executes a CGI plugin at least twice; once to retrieve HTML for initial display (the form elements that the user can access to invoke plugin functionality), and again to process the user’s input.

This is illustrated by the following sequence of events:

  1. CGI program runs the plugin with one of the inputs being action = "PRINT-FORM" .

  2. Plugin prints state variables (which the CGI stores on behalf of the plugin), a list of HTML tags that if received the CGI should forward to the plugin, and an HTML snippet to display to the user.

  3. CGI program assembles an HTML page from the normal page functionality and the HTML snippet received from the plugin.

  4. CGI program displays the resulting combination on the user’s web browser.

  5. CGI program accepts input (form submission) from the user.

  6. CGI program determines whether one of the plugin’s buttons was pressed. Terminate this logic if not.

  7. CGI program runs the plugin with the action = "PROCESS-FORM" input.

  8. CGI program forwards all previously-stored state information and form input variables to the plugin.

  9. Plugin produces the next HTML snippet, to be included in the next HTML page, possibly including new state information.

By default, new HTML code supplied by the plugin is inserted at the bottom of the page. You can change the location as described in Change the layout .

Read the following sections to lean about each type of CGI plugin.

Providing HTML to the front end

You can write a CGI plugin to extend the Front-end to provide static HTML to users.

The Front-end executes the CGI plugin to retrieve the static HTML. The CGI plugin receives information on the user that is triggering the plugin.

To set the plugin point, type the name of the plugin in the PSF PLUGIN field on the Modules > Front-end (PSF) page.

The shipped plugin, psf-plugin.py, located in the \<instance>\plugin\healthcheck\ directory, provides HTML content for the Health check monitor.

Write a custom Front-end HTML plugin

Requirements

The CGI plugin is a console executable, which accepts information on standard input and writes results to standard output. See Writing plugins for general requirements.

Execution points

The Bravura Security Fabric CGI program, psf, invokes a plugin to add HTML content to the main menu. Each time the menu page is displayed, the plugin executes. It does not run when a user is yet to be authenticated. See CGI plugin sequence of events for the general sequence of events.

Input

Input passed into the plugin is as follows:

"" "" = {
  "action" = "PRINT-FORM|PROCESS-FORM" # The action of the CGI
  "cginame" = "psf" # The CGI running the plugin
  "html" = "" # unused
  "requester" = "<profile ID>" # The user requesting the page
        
  "user" = "<profile ID>" # The user requesting the page
  "tags" "" = {
    "<tag ID>" = "<tag value>" # 0 or more
    "LANG" = "en-us"
    "PS_LOCK_DIR" = "F:\\Locks\\"
  }
}

For example:

"" "" = {
  "action" = "PRINT-FORM"
  "cginame" = "psf"
  "html" = ""
  "requester" = "crysta.soria"
  "user" = "crysta.soria"
  "tags" "" = {
    "LANG" = "en-us"
    "PS_LOCK_DIR" = "F:\\Locks\\"
  }
}

Output

The output returns static information that is presented to the user. The static HTML is added to the end of the self-service options.

Output passed from the plugin is as follows:

"" "" = {
   "html" = "<static HTML>"
      # The HTML to include on the self-service options page
}

The value for HTML key content must be written as one line.

For example:

"" "" = {
   "html" = "<strong>Message of the day</strong><br>Please review new HR policies"
}

Provide HTML to the change passwords pages

You can use a CGI plugin to supply HTML code, including interactive form elements, to the Change passwords page of the:

  • Help users (IDA) module

    This page allows help desk users to change passwords.

  • Change passwords (PSS) module

    This page allows users to change their own passwords.

The plugin for the Help users (IDA) module is set by the A RESET EXT plugin point on the Modules > Help users (IDA) configuration page.

The plugin for the Change passwords (PSS) module is set by the S CHANGE EXT plugin point on the Modules > Change passwords (PSS) configuration page.

The shipped scpinplugin plugin program can be used with the A RESET EXT and S CHANGE EXT plugin points to provide smart card PIN reset.

Write a custom plugin to provide HTML to change passwords pages

Requirements

The CGI plugin is a console executable, which accepts information on standard input and writes results to standard output. See Writing plugins for general requirements.

Execution points

The Change passwords (PSS) module and Help users (IDA) module invoke a plugin to add HTML content to the main menu. Each time the page is requested, the plugin executes. See CGI plugin sequence of events .

Input

Input to the plugin includes:

"" "" = {
  "action" = "PRINT-FORM|PROCESS-FORM" # The action of the CGI
  "user" = "<profile ID>" # The user requesting the page
         
  "requester" = "<profile ID>" # The user requesting the page
         
  "cginame" = "ida|pss" # The CGI running the plugin
  "host" "" = { #1 or more sets, each representing a target system
    "id" = "<target system ID>"
    "name" = "<target system name>"
    "type" = "<target system type>"
    "address" = "<target system address>"
    "adminid" = "<target system administrator ID>"
    "adminpass" = "<target system administrator password>"
    "userid" = "<user's account on the target system>"
     }
  "tags" "" = {#Data to be remembered through the current login session
    "<tag ID>" = "<tag value>" # 0 or more
    "LANG" = "en-us"
    "PS_LOCK_DIR" = "F:\\Locks\\"
  "html" = "" # unused
  }
}

The following is an example of the input received by the plugin during its first run:

"" "" = {
     "action" = "PRINT-FORM"
     "user" = "user1id"
     "requester" = "user1id"
     "cginame" = "pss"
     "host" "" = {
       "id" = "AD"
       "name" = "ad"
       "type" = "WIN2K"
       "address" = "10.10.77.20/basedn=ou=wfou"
       "adminid" = "administrator"
       "adminpass" = "letmein!"
       "userid" = "user1id"
     }
     "tags" "" = {
       "LANG" = "en-us"
       "PS_LOCK_DIR" = "C:\\Program Files\\Hitachi ID\\IDM Suite\\Locks\\"
     }
     "html" = ""
   }

Output

The following is added to the output:

  • submit_buttons A list of HTML buttons that the plugin displays on the page. The CGI needs to know which buttons a plugin has added so that user input on those buttons can be sent back to the plugin.

    All of the entries in this list are the names of the HTML buttons; they are "name" attributes from the <input> tags on the HTML page. All submit buttons must begin with the string "EXT-" to distinguish their names from button names used internally by Bravura Security Fabric .

  • html Raw HTML that displays the plugin’s interface.

The following is an example of the output produced by the plugin:

"" "" = {
  "action" = "PRINT-FORM"
  "cginame" = "ida"
  "html" = ""
  "requester" = "user1id"
  "user" = "manage1"
  "host" "" = {
    "address" = "10.10.77.20/basedn=ou=wfou"
    "adminid" = "administrator"
    "adminpass" = "Letmein1"
    "id" = "AD"
    "name" = "ad"
    "type" = "WIN2K"
    "userid" = "manage1"
  }
  "submit-buttons" "" = {
    "" = ""
  }
  "tags" "" = {
    "LANG" = "en-us"
    "PS_LOCK_DIR" = "C:\\Program Files\\Hitachi ID\\IDM Suite\\Locks\\"
  }
}

}

Provide HTML to the password status page

You can use a CGI plugin to supply HTML code to the Password reset results (password status) page of the Change passwords (PSS) module.

The plugin is set by the S STATUS EXT plugin point on the Modules > Change passwords (PSS) configuration page.

You cannot use the S STATUS EXT plugin to add interactive form elements.

The shipped cgilocalr plugin program allows you to enable and configure the Local Reset Extension.

Write a custom plugin to provide HTML to the password status page

Requirements

The CGI plugin is a console executable, which accepts information on standard input and writes results to standard output. See Writing plugins for general requirements.

Execution points

The Change passwords (PSS) module invokes a plugin to add HTML content to the main menu. Each time the page is requested, the plugin executes. See CGI plugin sequence of events for the general sequence of events.

Input

Input to the plugin includes:

"" "" = {
  "action" = "PRINT-FORM" # The action of the CGI
  "user" = "<profile ID>" # The user requesting the page
   
  "requester" = "<profile ID>" # The user requesting the page
   
  "cginame" = "pss" # The CGI running the plugin
  "host" "" = { #1 or more sets, each representing a target system
    "id" = "<target system ID>"
    "name" = "<target system name>"
    "type" = "<target system type>"
    "address" = "<target system address>"
    "adminid" = "<target system administrator ID>"
    "adminpass" = "<target system administrator password>"
    "userid" = "<user's account on the target system>"
     }

  "tags" "" = {#Data to be remembered through the current login session
    "<tag ID>" = "<tag value>" # 0 or more
    "LANG" = "en-us"
    "PS_LOCK_DIR" = "F:\\Locks\\"
  "html" = "" # unused
  }
}

The following is an example of the input received by the plugin:

 "" "" = {
     "action" = "PRINT-FORM"
     "user" = "user1id"
     "requester" = "user1id"
     "cginame" = "pss"
     "host" "" = {
       "id" = "AD"
       "name" = "ad"
       "type" = "WIN2K"
       "address" = "10.10.77.20/basedn=ou=wfou"
       "adminid" = "administrator"
       "adminpass" = "letmein!"
       "userid" = "user1id"
     }
     "tags" "" = {
       "LANG" = "en-us"
       "PS_LOCK_DIR" = "C:\\Program Files\\Bravura Security\\Bravura Security Fabric\\Locks\\"
     }
     "html" = ""
   }

Output

The following is an example of the output produced by the plugin:

"" "" = {
  "action" = "PRINT-FORM"
  "cginame" = "ida"
  "html" = ""
     <TABLE width=100% border=0 cellpadding=0 cellspacing=0>
     <TR>
     <TH COLSPAN=2 class=HEADTEXT>
     <nobr>Information for user manage1 on target AD</nobr>
     </TH>
     </TR>
     <TR>
     <TD valign=top COLSPAN=2 class=CELLTEXT>
     &nbsp;
     </TD>
     </TR>
     <TR>
     <TD valign=top COLSPAN=2 class=CELLTEXT>
     <strong>General</strong>
     </TD>
     </TR>
     <TR>
     <TD valign=top class=CELLTEXT>
     Distinguished name:
     </TD>
     <TD valign=top class=CELLTEXT>
     CN=Manage 1,OU=Users,OU=North America,DC=spacey-2k3,DC=local
     </TD>
     </TR>
     <TR>
     <TD valign=top class=CELLTEXT>
     Full name:
     </TD>
     <TD valign=top class=CELLTEXT>
     Manage 1
     </TD>
     </TR>
     <TR>
     <TD valign=top COLSPAN=2 class=CELLTEXT>
     &nbsp;
     </TD>
     </TR>
     </TABLE>
     <P>
  "requester" = "user1id"
  "user" = "manage1"
  "host" "" = {
    "address" = "10.10.77.20/basedn=ou=wfou"
    "adminid" = "administrator"
    "adminpass" = "Letmein1"
    "id" = "AD"
    "name" = "ad"
    "type" = "WIN2K"
    "userid" = "manage1"
  }
  "submit-buttons" "" = {
    "" = ""
  }
  "tags" "" = {
    "LANG" = "en-us"
    "PS_LOCK_DIR" = "C:\\Program Files\\Bravura Security\\Bravura Security Fabric\\Locks\\"
  }
}

Display custom HTML

You can write a CGI display plugin to generate static HTML to include on a page. You can choose to display custom HTML on some or all pages.

The CGI display plugin is executed on pages that matches a transaction ID. The CGI display plugin receives information on the user that is triggering the plugin.

To set the plugin point, type the name of the plugin in the CGI DISPLAY PLUGIN field on the Modules > Options page.

To display HTML on specific pages, include the transaction ID of the pages, each separated by a space. If you do not specify a transaction ID, the plugin will be executed on all pages, however this is not recommended as this will result in performance issues.

For example: custom-html.py F_LOGIN F_OPTION will execute the CGI display plugin for pages that contain transaction ID F_LOGIN or F_OPTION.

Ensure that tags are specified in the m4 files of the CGI program you wish to invoke. Tags are denoted by the format % < tag > %.

For example, if you want to include HTML in the Front-end that matches transaction ID F_OPTION , modify the psf.m4 file and locate the transaction ID F_OPTION . Insert a new tag in this section, or using an existing tag.

If adding a new tag to the m4 file, you must re-compile the skin files .

There is no shipped plugin in use with this plugin point.

Write a custom CGI display plugin

Requirements

The CGI plugin is a console executable, which accepts information on standard input and writes results to standard output. See Writing plugins for general requirements.

Execution points

When a Bravura Security Fabric CGI program matches a transaction ID, it invokes a plugin to add HTML content. Each time the page is accessed, the plugin executes. See CGI plugin sequence of events for the general sequence of events.

Input

Input passed into the plugin is as follows:

  "" "" = {
     "sessionid" = "<sessionid>" # ID of the current session
     "transid" = "<transid>" # The transaction ID of the current page
     "cginame" = "<cginame>" #The CGI running the plugin
     "viewer" "user" = {
       "id" = "<id>" # ID of the user requesting the page
       "name" = "<name>" # Name of the user requesting the page
     }
     "request" "" = {
       "key" = "<value>"     # List of all of the values posted in the form
       "key2" = "<value>"
     }
   }

For example:

"" "" = {
  "sessionid" = "S9982e39d-a79c-4af0-be79-9da546819501"
  "cginame" = "psf"
  "transid" = "F_OPTION"
  "viewer" "user" = {
    "id" = "superuser"
         
    "name" = "superuser"
  }
  "request" "" = {
        ...
    "CGI_DISPLAY_PLUGIN_VALUE" = "custom-html.py"
    "DEFAULT_API_SESS_EXPIRY_SECONDS_VALUE" = ""
    "DEFAULT_EXPIRY_SECONDS_VALUE" = "999999"
    "DEFAULT_SCHEDULE_TIME_VALUE" = "01:00"
    "DIGITAL_SIGN_PLUGIN_VALUE" = ""
    "DISPLAY_ALIAS_SIMPLIFIED_VALUE" = ""
    "DISPLAY_GROUPID_PLUGIN_VALUE" = ""
    "DISPLAY_TIMEZONE_VALUE" = ""
    "FILTER_REQUEST_PLUGIN_VALUE" = ""
    "FILTER_USER_PLUGIN_VALUE" = ""
    "JS" = "true"
    "KEEP_USER_PLUGIN_VALUE" = ""
    "LANG" = "en-US"
    "RECORDS_PER_PAGE_VALUE" = "20"
    "SEARCH_MAX_RESULTS_VALUE" = "500"
    "SEARCH_NO_INIT_RESULT_VALUE" = ""
    "SESSDATA" = "<encrypted session data>"
        ...
  }
}

Output

The output returns static information that is presented to the user.

Output passed from the plugin is as follows:

  "" "" = {
     "retval" = 0
     "replacement" "" = {
       "tag" = "<tag1>" #transid of tag1
       "value" = "<html>" #html of tag1
     }
     "replacement" "" = {
       "tag" = "<tag2>" #transid of tag2
       "value" = "<html>" #html of tag2
     }
     ...
   }

The value for HTML key content must be written as one line.

For example:

  "" "" = {
     "retval" = 0
     "replacement" "" = {
       "tag" = "REPLACEME"
       "value" = "<strong>Message of the day</strong><br>Please review new HR policies"
       }
     ...
   }
In this section: