Password Change via Custom pages

morpheuss_ · ‎10-28-2009

We have used the passwordExpiration.thtml to notify users that their password is about to expire in the past, but there is no functionality to link the user from there to the PasswordChange.thtml to enable the user to change the password at that point if they so choose, seems rather silly that you would warn the user that the password is about to expire and not give them the option to do so.

The work around we have in place is to have the users let the password expire, this seems to trigger the PasswordChange.thtml page at login which then enables the user to reset their password.

Over the years I have brought this up with Juniper to no avail, the only thing they kept suggesting was to send the user to the default ive bookmarks console to do it there, well that's why I use custom pages because I do not expose the bookmark console to my users, I want to be able to this with entirely with custom pages

If any one has figured out how to call the PasswordChange.thtml page from the passwordExpiration.thtml page and pass it the required user information , please let me know,

Thx

Russ_ · ‎10-29-2009

Took a while, but I figured out a way to do this. For my test, I used an Active Directory (LDAP) Auth server on IVE versions 6.0R3.1 and 6.5R1. Read the entire post before attempting.

Insert the following code into the PasswordExpiration page, two lines below the startPageLink variable (near line 82):

----START CODE----

To change your password now, use the form below:
<form autocomplete="off" method="post" name="frmChgPasswd" action="welcome.cgi">
<table>
<TR>
<TD colspan="2"> </TD>
</TR>
<TR>
<TD>Username</TD>
<TD><INPUT type="text" name="username" maxlength="32" size="20"></TD>
<TD> </TD>
<TD> </TD>
</TR>
<input type=hidden name=authserver value="Active Directory">
<input type=hidden name=realmId value="120">
<input type=hidden name=p value="passwordChange">
<TR>
<TD>Old password</TD>
<TD><INPUT type="password" name="oldPassword" maxlength="32" size="20"></TD>
<TD> </TD>
<TD> </TD>
</TR>
<TR>
<TD>New password</TD>
<TD><INPUT type="password" maxlength="32" size="20" name="newPassword"></TD>
<TD> </TD>
<TD> </TD>
</TR>
<TR>
<TD>Confirm password</TD>
<TD><INPUT type="password" maxlength="32" size="20" name="confirmPassword"></TD>
<TD> </TD>
<TD> </TD>
</TR>
<TR>
<TD> </TD>
<TD><INPUT type="submit" name="passwordChange" value="Change"></TD>
<TD> </TD>
<TD> </TD>
</TR>
</table>
</form>

-----END CODE-----

You'll need to change the realmId and authserver hidden values. In my example above, the authserver was Active%20Directory (I stripped out the %20) and the realmId was 120. On version 6.5R1, the authserver was number. The easiest way to get your values, is to use an Active Directory account that has the "User must change password at next logon" Account option checked. Having that option checked will trigger the PasswordChange page on the IVE. Logon to the IVE using that account . You should be directed to the PasswordChange page. Look at the URL in the address bar. You'll see the realmID and authserver info in the URL. Plug those values into the code above and load the custom page on to the IVE. I could find no dynamic way to plug in these values. If you have many Realms tied into one sign-in policy, this process could be cumbersome...

Next, you'll need to test the new PasswordExpiration page. I had to go door-to-door to find someone with a password that was expiring within the next few days, but you could also try fiddling with the "Display warning x day(s) before password expires" on your Realm's Authentication Policy. Logon to the new custom page on your IVE and test it out.

Ive attached a copy of my PasswordExpiration page as an example.

Regards,

Russ

Password Change via Custom pages

Password Change via Custom pages

Re: Password Change via Custom pages