9.2 Integrating Self Service Password Reset with Access Manager

Self Service Password Reset provides various options for integration with Access Gateways including configurable redirection URLs, servlet command options, and support for HTTP basic authentication. The following are important configurations:

  • forwardURL: By default, the user is redirected to the forwardURL site.

  • logoutURL: If the password has been modified and the Logout After Password Change setting is set to True, then the user is redirected to the logoutURL site instead of the forwardURL site.

NOTE: These URLs are configured as part of the Self Service Password Reset general configuration. However, they can be overridden for any particular session by including the forwardURL or continueURL HTTP parameters on any request during the session.

You must force the user to log out from Self Service Password Reset and Access Manager after a password change operation is completed. Otherwise, users might experience authentication failures and intruder lockout if they continue to use the same Access Manager session. For more information about how to configure session enforcement, see Configuring the Change Password Module.

The following are two instances when users are not immediately redirected to forwardURL:

  • When Check Expiration During Authentication is selected and the user’s password is about to expire. The user is redirected to the Change Password page instead of the forwardURL site. After changing the password, the user is redirected to forwardURL or logoutURL.

  • When Force Setup of Challenge Responses is selected, the user matches Challenge Response Query Match and the user does not have valid Self Service Password Reset responses configured. In this case, the user is redirected to the Setup Responses module. After completing the response setup, the user is redirected to forwardURL or logoutURL.

9.2.1 Configuring Self Service Password Reset Parameters for Access Manager

Configure the following Self Service Password Reset settings using Configuration Editor:

  1. Log in to Self Service Password Reset at https://dns-name/sspr as an administrator.

  2. In the toolbar, click your name.

  3. Click Configuration Editor.

  4. Add a custom message to notify users that they must log in to their portal again after a password change:

    1. Click Policies > Password Policies.

    2. Select the appropriate password policy. If you only have one password policy, click default.

    3. In the Password Change Message field, add the custom message.

    4. In the toolbar, click Save changes.

  5. Add the URL to which users are forwarded after completing any activity except a password change:

    1. In the toolbar, click your name.

    2. Click Configuration Editor.

    3. Click Settings > Application > Application.

    4. In the Forward URL option, click Add Value.

    5. Specify the URL to which users are forwarded. For example:

      intranet.company.com

    6. In the Logout URL option, add an Access Manager logout URL.

    7. Click Add Value, then specify the Access Manager logout URL. For example:

      intranet.company.com/AGLogout

    8. In the toolbar, click Save changes.

  6. Enable Self Service Password Reset to log out users after a password change:

    1. In the toolbar, click your name.

    2. Click Configuration Editor.

    3. Click Modules > Authenticated > Change Password.

    4. Enable the Logout After Password Change option.

    5. In the toolbar, click Save changes.

9.2.2 Configuring Password Expiration Servlet

You must configure the Access Gateway to redirect users to Self Service Password Reset when their password expires. You can configure this in Access Manager.

  1. Log in to the Access Manager administration console.

  2. Click the identity server cluster you want to modify.

  3. Click > Local > Contracts > Contract Name > Password Expiration Servlet.

  4. Set the URL option to the Self Service Password Reset Change Password URL. For example:

    http://password.example.com/sspr/private/ChangePassword?passwordExpired=true

  5. Click OK twice, then click Close.

This URL specifies that if the authenticated user's password has expired and there are grace logins remaining, then the user must be redirected to the Self Service Password Reset change password portal.

9.2.3 Integrating Forgotten Password URL

Administrators can configure the Access Manager Identity Server login page to include the Forgotten Password URL for Self Service Password Reset. On the Identity Server, add the following HTML code in the login.jsp file (/opt/novell/nids/lib/webapp/jsp/login.jsp) above the last two </body></html> tags:

<CENTER> <a href="https://intranet.company.com/sspr/public/ForgottenPassword?forceAuth=TRUE&logoutURL=https://intranet.company.com/AGLogout" target="_top"> Forgot Password - Self Service Password Reset</a></CENTER>
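
The note in section 9.2 says that any request can override the configured URLs for its session, and the link above does this with the logoutURL parameter. The following added example (not part of the product documentation) reviews request URLs for such overrides and reports targets whose host is not one you expect. EXPECTED_HOSTS, the /sspr/ path prefix, the function names, and the sample requests are assumptions made for this example.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Parameter names this page shows carrying a redirect target on a request.
OVERRIDE_PARAMS = ("forwardURL", "continueURL", "logoutURL")

# Assumption: the hosts your configured Forward URL and Logout URL point to.
EXPECTED_HOSTS = {"intranet.company.com"}

# Constructed sample request URLs (path and query as seen in an access log).
SAMPLE_REQUESTS = [
    "/sspr/public/ForgottenPassword?forceAuth=TRUE"
    "&logoutURL=https://intranet.company.com/AGLogout",
    "/sspr/private/ChangePassword?passwordExpired=true",
    "/sspr/private/ChangePassword?forwardURL=https%3A%2F%2Fother.example.net%2Fhome",
]


def target_host(value):
    """Return the host of a redirect target given with or without a scheme."""
    value = value.strip()
    if not re.match(r"([a-zA-Z][a-zA-Z0-9+.-]*:)?//", value):
        value = "//" + value  # "intranet.company.com/AGLogout" style values
    return (urlsplit(value).hostname or "").lower()


def find_overrides(request_url, sspr_prefix="/sspr/"):
    """List (parameter, value, host_is_expected) for one SSPR request URL."""
    parts = urlsplit(request_url)
    if not parts.path.startswith(sspr_prefix):
        return []
    query = parse_qs(parts.query, keep_blank_values=True)  # percent-decodes values
    found = []
    for name in OVERRIDE_PARAMS:
        for value in query.get(name, []):
            found.append((name, value, target_host(value) in EXPECTED_HOSTS))
    return found


def unexpected_overrides(request_urls):
    """Return (request, parameter, value) for overrides to hosts not expected."""
    return [(url, name, value)
            for url in request_urls
            for name, value, expected in find_overrides(url)
            if not expected]


if __name__ == "__main__":
    for url, name, value in unexpected_overrides(SAMPLE_REQUESTS):
        print(f"review: {name}={value} on {url}")
```

Targets without a recognizable host, such as relative paths, are also reported so that they can be reviewed by hand.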