Skip to content

Customizing Public Pages#

Most organizations will want to edit and customize the look and feel of public-facing Gluu Server pages to match their own corporate branding. The following documentation provides the file locations of public facing pages, as well as instructions for adding custom HTML, CSS, and Javascript files to your Gluu Server.

Public pages include:

  • All included sign-in pages
  • Registration
  • Password Recovery
  • Error Pages


Customizations should only be made by people with a solid understanding of web development. Before changing any files, we recommend creating backups to easily revert your instance to its original state.


The Gluu Server's public facing pages are xhtml files. Each Gluu Server component is deployed as a separate archive in WAR format. When any component's service is started, its archive is unpacked ("exploded") to Jetty's temporary file directory located under /opt/jetty-<VERSION>/temp/ before it'll be able to start serving requests for associated functionality.

To customize any files used by a component, they need to be changed either at that temporary location, or inside the corresponding archive itself. Note that changes made directly to unpacked files under /opt/jetty-<VERSION>/temp/ won't be persisted--each time a component's service is restarted its WAR archive will be re-exploded, overwritting the existing content on the disk.

A typical example would be customizing oxAuth's login page. There are two ways to achieve this:

  1. Unpack the needed files from /opt/gluu/jetty/oxauth/webapps/oxauth.war with a tool like jar, update them and add them back to the archive with all required dependencies (not recommended);

  2. Put changed files under /opt/gluu/jetty/oxauth/custom/ directory, so they could be used instead of the standard files in oxauth.war. (Note: the same approach will work for oxTrust if files are placed under /opt/gluu/jetty/identity/custom/). The benefit of using this method is that your customizations won't be disturbed by any changes to oxauth.war or identity.war later on (for example, in case this Gluu instance will be patched or updated, and a component's WAR archive will get overwritten). More on this method below.

Directory structure and mappings#


Log in to the Gluu Server chroot before working on design customizations for any pages.

New directories trees have been added inside the Gluu Server chroot to make page customizations easier. Each such tree is placed in the configuration directory of the corresponding Gluu component (only customization of oxAuth and oxTrust pages is supported at the moment by this feature). The new directory structure can be illustrated as follows (only directories related to this feature are shown for clarity):


|-- custom
|   |-- i18n
|   |-- libs
|   |-- pages
|   `-- static


|-- custom
|   |-- i18n
|   |-- libs
|   |-- pages
|   `-- static


Customized i18n should be placed in the following directories:


Resources from this folder will be loaded at the next service restart.


This can only customize oxAuth/Identity resources. New messages bundles applications not read automatically.

Sub-directory custom/pages have a special purpose. They enable overriding exploded xhtml pages from the unpacked WAR archive. The path to the exploded WAR conforms to following scheme:


So, for example, the path to an exploded oxAuth's WAR archive directory may look like this (and may be changed the next time the corresponding service is restarted):


Thus, a modified login.xhtml page put under custom/pages/ will be used instead of the webapp/login.xhtml file from the exploded archive. You can use files unpacked there as a base for your own customized files.


Jetty included in earlier Gluu 3.x packages is known to create duplicated directories under /opt/jetty-<VERSION>/temp/ for each of its components. In case of encountering this issue, it's recommended to stop corresponding service and remove all subdirectories related to it from the temp/ directory. After starting service again its WAR archive will be unpacked there again.


This approach is for XHTML pages only. Other resources like faces-config.xml cannot be overridden with this method.

Additional libs used by oxAuth should be placed in the following directories:



Jar files copied to /opt/gluu/jetty/identity/custom/libs are not accessible to custom scripts which run in an oxAuth context. Only the ones in /opt/gluu/jetty/oxauth/custom/libs are. Jar files copied to /opt/gluu/jetty/identity/custom/libs are only accessible to oxTrust code. This is relevant for individuals who are doing customization of oxTrust beyond UI changes.

Additional libs/plugins should be registered in /opt/gluu/jetty/oxauth/webapps/oxauth.xml or /opt/gluu/jetty/identity/webapps/identity.xml in attribute <Set name="extraClasspath"></Set>

Custom CSS or images should be placed under custom/static directory. To avoid collisions with static resources from WAR files, Gluu maps this folder to the URL's path like this: /{oxauth|identity}/ext/resources

So, for example, a CSS file placed at this path:


...will be externally available at a URL similar to this:

...and should be referenced from inside of source codes of customized files by path like this:


All images should be placed under:



You can change the logo on every public-facing page here. Place your image in /static/img and name it logo.png.

And all CSS are inside:


Full customization#

If the above customization approach does not help to resolve customization issues, it's possible to explode WAR files and instruct Jetty to use the exploded folder instead of a WAR file. The following is a sample for oxAuth:

  1. Unpack oxauth.war into /opt/gluu/jetty/oxauth/webapps/oxauth folder
  2. Put updated /opt/gluu/jetty/oxauth/webapps/oxauth.xml with next content:

    <Configure class="org.eclipse.jetty.webapp.WebAppContext">
            <Set name="contextPath">/oxauth</Set>
            <Set name="war">
                    <Property name="jetty.webapps" default="." />/oxauth/


Upgrade will not apply any changes to the exploded /opt/gluu/jetty/oxauth/webapps/oxauth folder. After installing an upgrade package, the administrator should reapply changes manually.

Location of key webpage source files#

The default public-facing pages can be a good base for your organization's customized ones. Aside from extracting them directly from a corresponding WAR file, they can be found at Jetty's temp directory to which they are unpacked each time a corresponding service starts.


oxAuth is the core Gluu CE component, handling all authentication in the framework and implementing OpenID Connect and UMA flows. Most of the web UI pages displayed to end users belong to oxAuth (login/logout/authorization flows).

Base directory: /opt/jetty-<VERSION>/temp/jetty-localhost-8081-oxauth.war-_oxauth-any-<RANDOM_TAG>.dir/webapp/

  • Default login page: ./login.xhtml
  • Authorization page: ./authorize.xhtml
  • Logout page: ./logout.xhtml
  • Error page: ./error.xhtml
  • Custom authentication scripts; XHTML files under: ./webapp/auth/


oxTrust is responsible for displaying the Gluu Server's default registration page, as well as the administrator web UI's pages.

Base directory: /opt/jetty-<VERSION>/temp/jetty-localhost-8082-identity.war-_identity-any-<RANDOM_TAG>.dir/webapp/

  • Registration page: ./register.xhtml

Applying changes#

To apply the customizations just set, restart the oxauth and oxtrust services.


It'll take about ten seconds for page modifications to reload.

Customizing SAML IDP pages#

Many organizations will want to edit and customize the look and feel of IDP pages to match their own corporate branding. The Gluu Server includes a custom folder that will override existing IDP pages. The IDP pages use the vm file type. To customize the pages, follow these steps:

  1. Find the desired file inside the chroot at /opt/shibboleth-idp/views
  2. Copy and edit the file, then move it to /opt/gluu/jetty/idp/custom/pages

Now, the customized page will override the default one.

For a good practical example, let's consider a task of removing the Gluu copyright at the bottom of oxAuth's login page. You can follow these steps to achieve this:

  1. Log in to the Gluu container

  2. Create a new directory structure under custom/pages/ to accomodate new customized page:

    # mkdir -p /opt/gluu/jetty/oxauth/custom/pages/WEB-INF/incl/layout/`    
  3. Get a default template page from the exploded WAR archive and put it in the path under custom/pages directory, which will allow it to override the original page (your path to the exploded WAR will differ from the one used here): # cp /opt/jetty-9.3/temp/jetty-localhost-8081-oxauth.war-_oxauth-any-9071517269463235631.dir/webapp/WEB-INF/incl/layout/template.xhtml /opt/gluu/jetty/oxauth/custom/pages/WEB-INF/incl/layout/template.xhtml

  4. Modify the new file by removing or editing the following snippet in it:

    <s:fragment rendered="#{not isLogin}">
        <div class="footer">
            <p>Copyright <a href="">Gluu</a> All rights reserved.</p>
  5. Assign appropriate permissions to new directories and files: # chown -R jetty:jetty /opt/gluu/jetty/oxauth/custom/pages/ && chmod -R a-x+rX /opt/gluu/jetty/oxauth/custom/pages/

You may opt to copy the default oxAuth login page (login.xhtml) to the custom files directory as well, and add some customizations to it:

cp /opt/jetty-9.3/temp/jetty-localhost-8081-oxauth.war-_oxauth-any-9071517269463235631.dir/webapp/login.xhtml  /opt/gluu/jetty/oxauth/custom/pages/

Don't forget to apply appropriate file system permissions if needed. Restart the oxauth service inside the chroot.`