NetIQ Documentation: Novell Self Service Password Reset 2.0.0 User Guide

5.3 Command Servlet

The CommandServlet allows you to redirect a user to SSPR and have it perform some specific command. The CommandServlet functions are used during a user's login sequence to a portal or other landing point.

The CommandServlet functions work best when used with a proxy, access gateway, or some other device that will auto-authenticate the user. Otherwise, the user will have to authenticate to SSPR during every login.

The CommandServlet calls can be combined with any of the request parameters described earlier, such as the forwardURL parameter.

For Example, the user login redirect sequence will be as mentioned in the following table:

URL Example	Description
http://portal.example.com	Initial request from browser.
http://portal.example.com/Login	Access gateway redirects to login page.
http://portal.example.com/	Access gateway redirects back to portal root.
http://portal.example.com/index.html	Web server redirects to index.html.
http://password.example.com/sspr/private/CommandServlet?processAction=checkAll&forwardURL=http%3A%2F%2Fportal.example.com%2Fportalpage.html	index.html has meta redirect to the SSPR checkAll CommandServlet with a URLEncoded forwardURL value.
http://portal.example.com/portal/main.html	SSPR redirects back to the actual portal URL.

The index.html described above would have the following content:

<html>
 <head>
  <meta http-equiv="REFRESH" content="0; URL=http://password.example.com/sspr/private/CommandServlet? processAction=checkAll&forwardURL=http%3A%2F%2Fportal.example.com%2Fportalpage.html"/>
 </head>
 <body>
  <p>If your browser doesn't automatically load, click
  <a href="http://password.example.com/sspr/private/CommandServlet? processAction=checkAll&forwardURL=http%3A%2F%2Fportal.example.com%2Fportalpage.html">here</a>.
  </p>
 </body>
</html>

5.3.1 Command

Command: checkExpire

URL: http://password.example.com/sspr/private/CommandServlet?processAction=checkExpire

Description: Checks the user's password expiration. If the expiration date is within the configured threshold, the user will be required to change password.
Command: checkResponses

URL: http://password.example.com/sspr/private/CommandServlet?processAction=checkResponses

Description: Checks the user's challenge responses. If no responses are configured, the user will be required to set them up.
Command: checkProfile

URL: http://password.example.com/sspr/private/CommandServlet?processAction=checkProfile

Description: Checks the user's profile. If the user's attributes do not meet the configured requirements, the user will be required to set their profile attributes..
Command: checkAll

URL: http://password.example.com/sspr/private/CommandServlet?processAction=checkAll

Description: Calls checkExpire, checkResponses and checkProfile consecutively.