By: Adam Boxall user 04 Jun 2019 at 3:07 a.m. CDT

2 Responses
Adam Boxall gravatar
Hello. I'm just doing some exploratory work with Gluu at this stage, but I've come across an issue I've not been able to figure out. I've noticed that the RichFaces styling doesn't work particularly well with [Bootstrap](https://getbootstrap.com/docs/3.4/css/); forms fields for example have different spacing, different fonts and a gradient background is applied. Rather than attempt to "reset" the styles, which could be painful, I'd just like to stop the `skinning.ecss` stylesheet being from injected into the template at all. The template in question is [`/person/passwordReminder.xhtml`](https://github.com/GluuFederation/oxTrust/blob/master/server/src/main/webapp/person/passwordReminder.xhtml), which by default extends [`/WEB-INF/incl/layout/fullWidthEmpty.xhtml`](https://github.com/GluuFederation/oxTrust/blob/master/server/src/main/webapp/WEB-INF/incl/layout/fullWidthEmpty.xhtml). I can't see any references to the RichFaces stylesheet in either of those templates , but the former does use some "rich" components. However if I override the `passwordReminder.xhtml` template with something minimal that doesn't use any rich components, and drop the base template completely, the stylesheet is still injected. This is the new template: ``` <html xmlns="http://www.w3.org/1999/xhtml" xmlns:f="http://xmlns.jcp.org/jsf/core" xmlns:h="http://xmlns.jcp.org/jsf/html" xmlns:a="http://xmlns.jcp.org/jsf/passthrough"> <f:view transient="true" locale="#{language.localeCode}"> <h:head> <title>Password Reminder</title> <meta charset="utf-8" /> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /> <link rel="stylesheet" href="https://stackpath.bootstrapcdn.com/bootstrap/4.3.1/css/bootstrap.min.css" integrity="sha384-ggOyR0iXCbMQv3Xipma34MD+dH/1fQ784/j6cY/iJTQUOhcWr7x9JvoRxT2MZw1T" crossorigin="anonymous" /> </h:head> <h:body> <div class="container"> <h:form id="formArea" class="password-reminder-form"> <h:inputText id="username" value="#{passwordReminderAction.email}" required="true" requiredMessage="#{msg['person.passwordreset.provideValidEmail']}" styleClass="form-control" a:placeholder="#{msg['resetPassword.enterEmail']}" /> </h:form> </div> </h:body> </f:view> </html> ``` Which results in the following: ![](https://i.ibb.co/JRkhDDK/Screen-Shot-2019-06-04-at-08-58-30.png) So it appears that the template isn't responsible for injecting that stylesheet, or for providing any fragments for it to be injected into. Can it be disabled? Any help would be greatly appreciated. Thanks, Adam

By Michael Schwartz staff 04 Jun 2019 at 3:11 a.m. CDT

Michael Schwartz gravatar
Please note that these IDM features in oxTrust are not recommended for large scale enterprise deployments. Exposing oxTrust to the Internet is not recommended, as the surface area for security is too great for a tool that is also the admin interface for oxAuth. The recommended approach is to build your own password management tools, using whatever tools you like, and to use the SCIM interface of oxTrust to persist your changes to the Gluu database.

By Adam Boxall user 04 Jun 2019 at 4:04 a.m. CDT

Adam Boxall gravatar
I see, thank you for the clarification. The login template didn't inject that stylesheet, so the differences and separation between the two makes more sense now. I'll not worry about these pages then. Thanks, Adam