How and where do I add a Forgot Password link to the "Secure Name/Password - Form"?

Hi,

How and where do I add a Forgot Password link to the "Secure Name/Password - Form"?

I was trying to see if I could find that information in the manual.

There is something about how to do it when using b2c.... but that is not the case.

  • 0  

    Hi Nicolai,

    the info should be available in the documentation (if you are talking about integration with NetIQ SSPR) and can be done in the Identity Server settings:

    https://www.netiq.com/documentation/access-manager-45-appliance/admin/data/configuring-sspr.html

    Best regards,
    Philipp

  • 0   in reply to   

    Thanks...... one could wish that would help.

    I need the link for forgotten password to appear on the login form.

    According to the SSPR Doc https://www.netiq.com/documentation/self-service-password-reset-47/sspr-adminguide/data/t43milg959i5.html#b14yznxn

    One should

    ----

    Integrating the Forgotten Password URL#

    You can configure the Access Manager user portal page to include the Forgotten Password URL for Self Service Password Reset. On the Identity Server, add the following HTML code in the login.jsp file (/opt/novell/nids/lib/webapp/jsp/login.jsp) above the last two </body></html> tags:

    <CENTER> <a href="https://intranet.company.com/sspr/public/forgottenpassword? forceAuth=TRUE&logoutURL=">intranet.company.com/AGLogout" target="_top"> Forgot Password - Self Service Password Reset</a></CENTER>

    ----

    However, the login.jsp file, on a NAM504 contains this (no html tags)

    --- CUT HERE  ---

    <%@ page import="com.novell.nidp.*" %>
    <%
        if (NIDPConstants.useLegacyUI())
            {
    %>
            <%@ include file="login_legacy.jsp" %>
    <%  } else { %>
            <%@ include file="login_latest.jsp" %>
    <%  }

    --- CUT HERE ----

    Modifying the "login_latest.jsp" file does not seem to work.

  • 0   in reply to   

    Hi Nicolai, thanks for you feedback!

    That's interesting, according to my notes we also updated login_latest.jsp the last time we added "custom" link for SSPR under

    /opt/novell/nam/idp/webapps/nidp/jsp

    ...

        <div>

               <a href="">sspr.acme.com/.../a>

          </div>

    ...

    That was on 4.5.x appliance though...

    Best regards,
    Philipp

  • 0   in reply to   

    Me again....

    Trying to follow the manual, for real.
    Perhaps there was a change in nam 504, which makes it do an actual call to sspr, and perhaps it will display the link, if NAM thinks that SSPR is operational.

    My NAM does not display the link, probably because it think something is wrong.

    Server health says
    SSPR Server : Server is not operational



    In the following log dump from the sspr server, sspr01.domain.dk is the local (inside) hostname, and sspr.domain.dk is the one we expose through the access gateway.

    It seems that the rest call goes through (I think)

    2024-05-03T12:09:33.101520+02:00 sspr01 docker[1990]: 2024-05-03T10:09:33Z, TRACE, server.RestAuthentication, {rest-28} authenticating with named secret 'NAMSECRET' [192.168.0.24/am03.domain.dk]
    2024-05-03T12:09:33.101639+02:00 sspr01 docker[1990]: 2024-05-03T10:09:33Z, DEBUG, server.RestServlet, {rest-28} rest request authentication status: {"type":"NAMED_SECRET","namedSecretName":"NAMSECRET","usages":["Health","SigningForm","Statistics","RandomPassword","Challenges","CheckPassword","Profile","Status","SetPassword","VerifyOtp","VerifyResponses"],"thirdPartyEnabled":true} [192.168.0.24/am03.domain.dk]
    2024-05-03T12:09:33.102377+02:00 sspr01 docker[1990]: 2024-05-03T10:09:33Z, TRACE, server.RestServlet, {rest-28} completed rest invocation in 5ms success=true [192.168.0.24/am03.domain.dk]
    2024-05-03T12:09:33.915522+02:00 sspr01 docker[1990]: 2024-05-03T10:09:33Z, TRACE, server.RestServlet, {rest-29} incoming HTTP REST request: GET request for: /sspr/public/rest/health [192.168.0.24/am03.domain.dk]
    2024-05-03T12:09:33.915720+02:00 sspr01 docker[1990]:  https secure request headers:
    2024-05-03T12:09:33.915828+02:00 sspr01 docker[1990]:   host='sspr01.domain.dk'
    2024-05-03T12:09:33.915930+02:00 sspr01 docker[1990]:   accept='application/json'
    2024-05-03T12:09:33.916030+02:00 sspr01 docker[1990]:   content-type='application/json'
    2024-05-03T12:09:33.916180+02:00 sspr01 docker[1990]:   authorization=*hidden*
    2024-05-03T12:09:33.916284+02:00 sspr01 docker[1990]:   cache-control='no-cache'
    2024-05-03T12:09:33.916382+02:00 sspr01 docker[1990]:   pragma='no-cache'
    2024-05-03T12:09:33.916497+02:00 sspr01 docker[1990]:   user-agent='Java/1.8.0_342'
    2024-05-03T12:09:33.916598+02:00 sspr01 docker[1990]:   via='1.1 sspr.domain.dk (Access Gateway-ag-C391554BED9F6C43-56555)'
    2024-05-03T12:09:33.916697+02:00 sspr01 docker[1990]:   x-forwarded-for='192.168.0.24'
    2024-05-03T12:09:33.916804+02:00 sspr01 docker[1990]:   x-forwarded-host='sspr01.domain.dk, sspr.domain.dk'
    2024-05-03T12:09:33.916903+02:00 sspr01 docker[1990]:   x-forwarded-server='sspr.domain.dk'
    2024-05-03T12:09:33.917002+02:00 sspr01 docker[1990]:   connection='Keep-Alive'
    2024-05-03T12:09:33.917101+02:00 sspr01 docker[1990]:  parameters: (no params)
    2024-05-03T12:09:33.917473+02:00 sspr01 docker[1990]: 2024-05-03T10:09:33Z, TRACE, server.RestAuthentication, {rest-29} authenticating with named secret 'NAMSECRET' [192.168.0.24/am03.domain.dk]
    2024-05-03T12:09:33.917595+02:00 sspr01 docker[1990]: 2024-05-03T10:09:33Z, DEBUG, server.RestServlet, {rest-29} rest request authentication status: {"type":"NAMED_SECRET","namedSecretName":"NAMSECRET","usages":["Health","SigningForm","Statistics","RandomPassword","Challenges","CheckPassword","Profile","Status","SetPassword","VerifyOtp","VerifyResponses"],"thirdPartyEnabled":true} [192.168.0.24/am03.domain.dk]
    2024-05-03T12:09:33.918664+02:00 sspr01 docker[1990]: 2024-05-03T10:09:33Z, TRACE, server.RestServlet, {rest-29} completed rest invocation in 4ms success=true [192.168.0.24/am03.domain.dk]

    Wonder what I can do to see what fails on the NAM side?