Ubisecure SSO includes several login screens that can be customized using the methods described in this page. The login screens are not visually customized separately but they are still described briefly in this page because they are also present in the CSS design package and the texts are screen specific. The screenshots include the text customization keys in place of the actual default texts.

Jump to a specific login screen by clicking a link:

Note: Some of the login screen screenshots read "Identify and authorize. Enable secure business" as a header. The paramaterized fields for the header are HEADER_TEXT1 and HEADER_TEXT2

Menu Screen

The menu screen is the default starting screen of the sign in process. By default it contains an Intro box, Help box and depending on the authentication methods available it will also contain either a Login box or an External box.
Parameterized fields:

MENU_INTRO_TEXT
- {0} → url (host) of the service the user is trying to access
- NOTE: This field is used by default
MENU_INTRO2_TEXT
- {0} → url (host) of the service the user is trying to access
- {1} → name of the service the user is trying to access (Client name is read from agent metadata – OAuth2/SAML2)
- NOTE: This field is used only if agent metadata contains client name. For OAuth2 agents, the name is set in the client_name value of the metadata. For SAML2 agents, the name is set in the mdui:DisplayName value of the metadata.


Figure 1. Menu Screen with Text Keys

StepUp Screen

The step-up screen is used for selecting a suitable authentication method when the normal password authentication method is not strong enough for the service in question.


Figure 2. StepUp Screen with Text Keys

OTP Screen

The OTP screen is used for giving the one-time password from the OTP list when using the OTP authentication method.
Parameterized fields:

OTP_LOGIN_SEQUENCE
- {0} → Identifier of the requested one-time password
OTP_LOGIN_SEQUENCE_NAME
- {0} → Identifier of the currently active OTP list
OTP_LOGIN_NEXT_SEQUENCE_NAME
- {0} → Identifer of the currently passive OTP list
OTP_LOGIN_REMAINING_PASSWORD_AMOUNT
- {0] → Number of remaining one-time password in the active OTP list


Figure 3. OTP Screen with Text Keys

OTP Expiring Screen

The OTP Expring screen is used when user logs in with a One-time Password which is expiring.


Figure 4. OTP Expiring Screen with Text Keys

OTP Print Screen

The OTP Print screen is used for printing and activating new One-time Password lists.
Parameterized fields:

OTP_PRINT_LIST_TEXT
- {0} → OTP List ID


Figure 5. OTP Print Screen with Text Keys

Parameterized fields:

OTP_PRINT_LIST_CLOSE
- {0} → Close


Figure 6. OTP Print Screen showing the printable OTP list

SMS Screen

The SMS screen is used for giving the one-time password sent to the user's mobile phone when using the SMS OTP authentication method.


Figure 7. SMS Screen with Text Keys

SMS Unregistered Screen – insert phone number

The SMS screen is used for giving the one-time password sent to the user's mobile phone when using the SMS OTP authentication method.


Figure 8 SMS unregistered phone number entry screen with text keys


Figure 9 SMS unregistered one time password entry screen with text keys

SMTP Unregistered Screen – insert phone email

The SMTP screen is used for giving the one-time password sent to the user's mobile phone when using the SMTP OTP authentication method.


Figure 10 SMTP unregistered phone number entry screen with text keys


Figure 11 SMTP unregistered phone number entry screen with text keys


Figure 12 SMTP unregistered one time password entry screen with text keys

Password Screen

The password screen may also be a starting screen of the sign in process. It is used as the starting screen when only the password authentication method is available.

PASSWORD_INTRO_TEXT
- {0} → url of the service the user is trying to access
PASSWORD_INTRO2_TEXT
- {0} → url (host) of the service the user is trying to access
- {1} → name of the service the user is trying to access (Client name is read from agent metadata – oAuth2/SAML2)
NOTE: This field is used only if agent metadata contains client name metadata


Figure 13. Password Screen with Text Keys

Password Expiring Screen

The password expiring screen is used for giving the user the opportunity to change the password that will expire in the near future.


Figure 14. Password Expiring Screen with Text Keys

Password Expired Screen

The password expired screen is used for forcing the user to change a password that has been expired before giving the user access to the requested service.


Figure 15. Password Expired Screen with Text Keys

ETSI MSS Mobile PKI Unregistered Screen

The unregistered mobile PKI screen is used for asking user's mobile phone number and spam prevention code are requested for MPKI authentication.


Figure 16. Mobile PKI Unregistered Screen with Text Keys

Note that "MPKI_LOGIN_TEXT_NOSPAMCODE" is used instead of "MPKI_LOGIN_TEXT" if first login without spamcode has failed – when method configuration parameter "spamcode_required" is set to "false". In that case also the spamcode is not asked, and the text field "MPKI_UNREGISTERED_NOSPAMCODE" is not used/visible.


Figure 17. Mobile PKI unregistered screen asking for user's spamcode afer a failed attempt without it

Possible error messages:

LOGIN_CANCEL: User cancelled the authentication on the mobile phone.
LOGIN_EXPIRED: Authentication wasn't finished during the timeout period, which is set in configuration parameter ae.timeout.
INVALID_CREDENTIALS: Given spam prevention code is not correct.
USER_NOT_FOUND: Given phone number is not valid.
EXTERNAL_FAILURE: Unexpected failure occurs.

ETSI MSS Mobile PKI Unregistered Wait Screen

Used when user has entered mobile phone number and spam prevention code, and MPKI authentication is to be waited for.
Parameterized fields:

MPKI_LOGIN_WAIT_TEXT
- {0} → Progress in percents when waiting for mpki authentication


Figure 18. Mobile PKI Unregistered Wait Screen with Text Keys

Consent Screen

Consent Screen can be shown if user consent is required for releasing user attributes to third party IdP.
Parameterized fields:

CONSENT_INTRO_TEXT
- {0} → Name of the service the user is trying to access


Figure 19. User Consent Screen with Text Keys

Passive Consent Screen

Passive Consent Screen is shown for 5 seconds when authentication request coming from third party IdP specifies that no user interaction is required. User is shown informative text.
Relevant keys are:

CONSENT_PASSIVE_INTRO_TITLE
CONSENT_PASSIVE_INTRO_TEXT
CONSENT_PASSIVE_LOGIN_TITLE
CONSENT_PASSIVE_LOGIN_TEXT

CONSENT_PASSIVE_INTRO_TEXT may use parameter {0}, which would be replaced with the name of the requested service.


Figure 20. User Passive Consent Screen with Text Keys

Proxy Screen

The proxy screen is used as a backup when making an automated redirection to the authentication provider. The redirection can be made manually from this screen.


Figure 21. Proxy Screen with Text Keys

Error Screen

The error screen is used for informing the user of certain kinds of errors that mean that the authentication process cannot be continued. In some cases the error screen may automatically redirect to the service if the error can also be transmitted to the service.


Figure 22. Error Screen with Text Keys

Exit Screen

The exit screen is used as a backup when making an automated redirection to the service without a successful authentication. The redirection can be made manually from this screen.


Figure 23. Exit Screen with Text Keys

Success Screen

The success screen is used as a backup when making an automated redirection to the service after a successful authentication has been performed. By the default this screen is shown very briefly and does not required that the user presses continue. The redirection can be made manually from this screen.


Figure 24. Success Screen with Text Keys

Generally users are transferred to service automatically by using javascript. In some cases it maybe desirable to show further instructions or usage policies and require user to click a button. Please refer to page Templates.

Landing Page Screen

The landing page screen is used when a request has been made to the authentication server out of context. Usually this means that the user does not have a valid session to which the request would belong to.


Figure 25. Landing Page Screen with Text Keys

Logout Screen

The logout screen is used for informing the user of the status of the logout procedure.


Figure 27. Logout Proceeding Screen with Text Keys


Figure 28. Logout Completed Screen with Text Keys

Logout error

The logout error screen is displayed in the event of single logout failure. If backchannel logout was used, the URLs of the applications that did not respond or rejected the logout request are listed on the screen to warn the user of logout failure. An example is that the application has stopped responding. In these cases the user should be instructed to close all browser windows to terminate any possible application sessions. LOGOUT_ERROR_HELP_TITLE = Help
LOGOUT_ERROR_HELP_TEXT = Single logout was not completed successfully. Please logout manually from all individual applications and close all browser windows.
LOGOUT_ERROR_HELP_LINKS =
LOGOUT_ERROR_LOGIN_TITLE = Logout failed
LOGOUT_ERROR_LOGIN_TEXT = Could not complete logout.


Figure 29. Logout Error Screen with Text Keys

Accept terms

This screen will appear if the user has not accepted the current Terms of Use. The user cannot proceed until the checkbox is selected and the next button is pressed.
ACCEPT_TERMS_HELP_TITLE = Help
ACCEPT_TERMS_HELP_TEXT = You must accept Terms of Use before continuing.
ACCEPT_TERMS_HELP_LINKS =
ACCEPT_TERMS_TITLE = Accept terms
ACCEPT_TERMS_TEXT = Accept Terms of Use.
ACCEPT_TERMS_CHECKBOX_TITLE = Accept Terms of Use
ACCEPT_TERMS_NEXT = Continue


Figure 30. Accept Terms Screen with Text Keys

Identity Server 8.2

Login screens