Showing results for 
Search instead for 
Did you mean: 

User Preferences to change AD password


User Preferences to change AD password

My SA-2000 is connected with the windows AD.
If I want to allow the user to change the AD password I need to enable the
- "Password Management" in the realm
- the UI box needs to be checked on the USER -> ROLE -> OVERVIEW
- the preferences button needs to be displayed too -> USER -> ROLE -> UI OPTIONS

By enabling this the user gets 3 tabs when clicking on the preference button.

- User home
For the appearance/sorting the columns

- General
For changing the password

- Advanced
To delete cookies and for remote sso configuration

I would prefer just to give the user a button being able to change his password and nothing else.
Too much configuration abilities are not always wanted.

Is there a chance to reduce the 3 tabs to just one tab? Or even just to permit a change pass button?
The delete cookies ability in the advanced tab is depending on a configuration deeeeeep inside the box. The manual says that is just displayed in case the user has the right to delete the cookies. I couldn't figure out where this might be.
Maybe it is also possible to disable the remote sso configuration (in the hope at least the advanced tab will disappear).

Any suggestions?

Respected Contributor

Re: User Preferences to change AD password

You cannot completely remove the 3 tabs; however, you can drastically reduce the options available to your users.

If you would prefer not to have the preferences pane link, you can disable that where you enabled it.
You can still allow users to change their passwords by putting a link to the password change page as a bookmark. The link will be this: https://<yourIVE>/dana/pref/pref.cgi.
**Please note that you need to create a selective rewriting policy (Users>Resource Policies>Web>Selective Rewriting) set to do not rewrite, redirect to target web server for your IVE (https://<yourIVE>/*

Without the don't rewrite policy, you will get an access denied error message.

You can also disable the SSO configuration by going to your POST policy and where you see the option of "User CAN change value" or "User MUST change value" change that to "Not Modifiable" on the right-most column for "User Modifiable."

The User home tab should disapper when you remove the preferences pane from the toolbar (or so it has happened in my testing).
Another item to make sure of is under Users>User Roles>roleName>Web>Options>View advanced Options, make sure that persistent cookies are disabled.

Re: User Preferences to change AD password

Thanks for the hint with the link,

that is probably the easiest thing to populate the change pw destination.

When trying to look for the Users>User Roles>roleName>Web>Options>View advanced Options to check for persistant cookies are disabled I saw that this box was already UNchecked. The delete cookies option is still in the advanced tab of the preferences.

disable the SSO configuration is another thing...
I have a realm with only one user role that mapps only one ressource.

The Web POST policy is not modifiable ! on all points
Tricky is: When the user selects the advanced tab in the preferences he sees the

Advanced Preferences >
Configure Remote SSO (Single Sign On) Resources Select the Remote SSO Resource you wish to configure and click Configure.
Then the configure button (without a use you can click it but nothing happens)
Remote SSO Bookmark (with a grey circle.. unable to select) then the Resource and link to the resource.....

The resource button is gray and not chooseable, but the worst is that You see the resource like named as inside the box and also the link to the resource is in plaintext see-able for the user.

Respected Contributor

Re: User Preferences to change AD password

Hi aterockz,

You are welcome; hope that helps.

I would probaly recommend a JTAC case on this so it can be investigated further, especially for the remote SSO configuration.

If you do an XML export and then import, does the remote SSO preference disappear from view for the user?
For the XML test, please follow this outline:
1) Click "select all"
2) Unselect "network settings"
3) Export the configuration
4) Import the XML configuration using the standard import option.

Also, which version of the IVE are you using?

Re: User Preferences to change AD password

Because it is an productive environment I wouldn't just try an import/export to test something.

Currently I am using "6.0R3.1 (build 12507)"

So it should be not a version problem.



Re: User Preferences to change AD password

This was a great idea. I took it and expanded a bit by looking at the URL that gets called when a user is forced to change their password. I have successfully created the following web bookmark:


Be sure to HTMLEncode the name of your Auth Server. So if it is something like "CORP LDAP", it should be encoded to be "CORP%20LDAP"