Password application internationalization - SSO

Owned by ubisebastian
2021-01-19
3 min read

The user interface and email internalization texts are defined in resources_xx.properties files, located in the application's WEB-INF/classes –folder (where xx represents the ISO-639-1 language code, e.g. WEB-INF/classes/resources_en.properties for English). The language selection functionality, however, is entirely internationalized in the SSO Server application and the language selection links are generated using client-side JavaScript. Therefore the Password application will require that all supported languages are defined also in SSO Server and all languages supported by SSO Server should also be configured to the Password Application. If some language can't be found, or a specific key of a specific language is missing, e.g. Finnish, then the Password application will fall back to looking up the key in the resources.properties file, (i.e. without an ISO-639-1 language identifier in the filename.)

The password application consists of two main processes: password reset and password change. Both of these have a number of phases, of which each contain a number of language keys that can be customized to guide users as necessary. All views in the password application use the same base template for the layout, so all views' language keys are similar, but identify the view with a key-prefix. For example, the reset-completed.title belongs to the reset-completed view and will be output in the proper location for the title.

Password reset views

Password reset can be configured to allow user to define his/her own password or alternatively have the system generate a password instead. If the system generates the password for the user, it will generate a strong enough password to satisfy the length and complexity requirements of password policy definitions. If the system is configured to allow user to define password, all defined password policy settings are validated.

Figure 1. Password reset views

Password change views

Password change process has fewer views, but is initiated by a round-trip to SSO Server to authenticate the user. If the login fails, the user will end up on the login-error view.

Figure 2. Password change views

User Interface Layout template

In the image below is the template that is used to lay out the instructions, links and input fields. Some key points of interests are numbered on the image, in all other respects the texts represent language keys in the resources.properties files.

Figure 3. User interface layout template
  1. The language selection links are downloaded from SSO using the REST API, therefore these keys are defined in the SSO Server application's internationalization configuration.
  2. Possible error messages are printed under the <view>.optext key and above the input fields.
  3. Powered by GlobalSign text is common for all JSPs. This value is fixed in the JSP code.
  4. The view specific input fields are printed in this area.
  5. Return URL is printed here as a parameter to the key returnurl.help.
  6. Input button texts can be defined separately for each view.

Other keys

Key

Description

returnurl.help

Defines how the returnurl should be printed to the screen. The variable {0} will be replaced by the actual return URL

<view>.label.<fieldname>

These are textual labels for input fields

<etc.>

The rest of the keys describe possible error situations

Setting default language

The default language can be set by modifying web.xml file

Listing 1. \Ubilogin\webapps\password\WEB-INF\web.xml
<display-name>Ubilogin Password</display-name>
	<context-param>
		<param-name>javax.servlet.jsp.jstl.fmt.locale</param-name>
		<param-value>fi</param-value>
	</context-param>
	<context-param>
		<param-name>javax.servlet.jsp.jstl.fmt.fallbackLocale</param-name>
		<param-value>fi</param-value>
	</context-param>

Hiding email address input field while resetting password

By default, when performing a password reset, the user will be prompted for their user account name and email address.

For systems that use the email address as the user account name, the additional prompt for the email address can be disabled.

To hide the email address field modify the value of the mail-challenge setting in the  …\ubilogin-sso\ubilogin\webapps\password\WEB-INF\web.xml file.

Listing 1. \Ubilogin\webapps\password\WEB-INF\web.xml
<servlet>
	<servlet-name>com.ubisecure.ubilogin.password.reset.ResetServlet</servlet-name>
	<servlet-class>com.ubisecure.ubilogin.password.reset.ResetServlet</servlet-class>
	<init-param>
		<param-name>mail-challenge</param-name>
		<param-value>true</param-value>
	</init-param>
</servlet>


True means the email address must be given. False means only user name is required.

To apply the configuration change to the application server, execute
…\ubilogin-sso\ubilogin>config\tomcat\update.cmd

The user interface text will also need to be modified to reflect this configuration change. The localization strings are located in the  …\ubilogin-sso\ubilogin\webapps\password\WEB-INF\classes folder

Ubisecure Privacy Policy & Cookie Statement