UAA login pages are insufficiently customisable

What version of UAA are you running?

This is present in v4.7.2.

How are you deploying the UAA?

Using cf-release.

What did you do?

Tried to alter UAA’s authorisation webpages.

What did you expect to see?

We expected a built-in way to modify these pages, for instance by overridding the HTML templates in server/src/main/resources/templates/web.

What goal are you trying to achieve with the UAA?

As part of GOV.UK, we have to follow an organisational style-guide and accessibility guidelines. We’d like to customise the UAA webpages to meet these requirements.

What did you see instead?

The built-in customisation options are insufficient:

• The branding properties can only change things like the name and logo.
• The asset_base_url property can be used to load custom CSS but is documented as deprecated.
• There is no way to alter the HTML templates short of maintaining our own BOSH release.

We’re using asset_base_url for now to specify custom CSS. As it is marked deprecated, we implemented an automatic test that it still works. We’ve also implemented tests that UAA’s templates have not changed very much and that our stylesheet still works.

Why is this an issue?

We think that a lot of organisations have or will have this same issue, and that maintaining our own BOSH release would be a lot of work just to change these pages.

18F have a separate BOSH release that deploys their own custom pages, but this is quite unpleasant and has frightening comments.

An in-built solution, or guidance, on modifying these pages would seem a good idea.