3.0 Preparing to Run the Client Login Extension

Before running the Client Login Extension, you must have a working Identity Manager 3.5 or later system and have the User Application configured correctly to enable the Password Self-Service feature. For information on installing Identity Manager and the User Application, see the Identity Manager 3.6.1 Installation Guide.

In order to have the Password Self-Service feature enabled, you need to perform at least the following:

You initially set up the Password Self-Service feature through iManager by using the Passwords > Password Policies > Forgotten Password and Policy Assignment options. For more information on the Password Self-Service feature, see “Managing Passwords by Using Password Policies” and “Password Self-Service” in the Password Management 3.2 Administration Guide.

Use the Identity Manager User Application to complete the password configuration. For information about configuring Password Self-Service through the Identity Manager User Application, see “Password Management Configuration”” in the Roles Based Provisioning Module 3.6.1 User Application Administration Guide.

You also need to turn on SSL in JBoss*. See “Self-Signed Certificates” in the Roles Based Provisioning Module 3.6.1 User Application Administration Guide. The Client Login Extension does not work without SSL.

You must enable the URL rewriting when the User Application is deployed on the IBM WebSphere Application Server.

  1. Log in to the Administration Console.

  2. Go to the Server > Application Servers > Select your server (for example server1), then select Session Management on the Configuration tab.

  3. Select the checkbox against the Enable URL Rewriting.

  4. Click Apply, then click Save.

  5. Restart the WebSphere Application Server.

With the Forgotten Password feature enabled and the password policy assigned, you now have a valid HTML link for the restricted browser to use. This link needs to be configured for HTTPS, for example, https://hostname:8443/IDM/jsps/pwdmgt/ForgotPassword.jsf. Use this URL when running the Client Login Extension Configuration utility.