
After change password get back to login page instead welcome


Hi,

I have configured a contract for my custom authentication class.
The scenario is:
1) The user's password has expired.
2) On login with the expired password, I redirect to the change
password page (my application page).
3) After the password change, it should get back to the login page, but
here it redirects to the welcome page, even though my change password
page sends it to the login URL.
The redirection from the login page to the welcome page is happening due
to web server redirection.

The point is that during login it authenticates with Novell LDAP and
maintains a session, and when the change password page sends the user to
the login page, the web server redirects to the welcome page because of
the active session.
Here I cannot invalidate the session after the password change due to
some requirement.
I have gone through the
"http://www.novell.com/documentation/novellaccessmanager312/identityserverhelp/data/localcontract.html"
link, but it didn't help me out.

Does anyone have any idea how I can achieve the above requirement (i.e.
get back to the login page after changing the expired password)?

Thanks,
Vaibhav


--
vaibhavkhare
------------------------------------------------------------------------
vaibhavkhare's Profile: https://forums.netiq.com/member.php?userid=5266
View this thread: https://forums.netiq.com/showthread.php?t=48655


Re: After change password get back to login page instead welcome

On 10.09.2013 17:44:02, vaibhavkhare Wrote:
>
> I have configured a contract for my custom authentication class.
> scenario is
> 1) user password has been expired.
> 2) while login with expired password, I am redirecting to change
> password page.(My application page).
> 3) after change password should get back to login page but here it
> redirect to welcome page, even my change password page send it to
> login url.
> redirection between login page to welcome page happening due to web
> server redirection.
>
> Point is during login it authenticate with novell LDAP and maintains
> session and when change password page sends to login page due to
> active session web server redirects to welcome page.
> here i cannot invalidate session after change password due to some
> requirement.
> i have gone through
> "http://www.novell.com/documentation/novellaccessmanager312/identityserverhelp/data/localcontract.html"
> link but didn't help me out.
>
> any one have any idea how can i achieve above requirement(i.e. get
> back to login page after change expired password).


Can you provide more details regarding exactly how you configured both
the password expiration service (particularly are you using the
<RETURN_URL> parameter?)

Also in your app which handles the password change - are you appending
the forceAuth=TRUE parameter?

Are you using form fill or identity injection in conjunction with this
web service?


Re: After change password get back to login page instead welcome


alexmchugh;233817 Wrote:
> On 10.09.2013 17:44:02, vaibhavkhare Wrote:
> >
> > I have configured a contract for my custom authentication class.
> > scenario is
> > 1) user password has been expired.
> > 2) while login with expired password, I am redirecting to change
> > password page.(My application page).
> > 3) after change password should get back to login page but here it
> > redirect to welcome page, even my change password page send it to
> > login url.
> > redirection between login page to welcome page happening due to web
> > server redirection.
> >
> > Point is during login it authenticate with novell LDAP and maintains
> > session and when change password page sends to login page due to
> > active session web server redirects to welcome page.
> > here i cannot invalidate session after change password due to some
> > requirement.
> > i have gone through
> > "http://www.novell.com/documentation/novellaccessmanager312/identityserverhelp/data/localcontract.html"
> > link but didn't help me out.
> >
> > any one have any idea how can i achieve above requirement(i.e. get
> > back to login page after change expired password).

>
> Can you provide more details regarding exactly how you configured both
> the password expiration service (particularly are you using the
> <RETURN_URL> parameter?)
>
> Also in your app which handles the password change - are you appending
> the forceAuth=TRUE parameter?
>
> Are you using form fill or identity injection in conjunction with this
> web service?


Alex,
we configured it as follows.
Under the authentication contract we define the expired password servlet as
https://tour-nag.tour.as.com/login/ser/change_password.jsp?LoginUserID=<USERID>&returl=<RETURN_URL>
Here I tried multiple subsets by defining returl as hard-coded, but it
doesn't work.
I want to redirect the page to
"https://tour-nag.tour.as.com/login/UI/Login", so I set it here as
"https://tour-nag.tour.as.com/login/UI/Login?forceAuth=TRUE",
but it doesn't work.
Then I tried returl to my IDP (Identity Server) as
"https://tour-nag.tour.as.com/login/UI/Login:8443/nidp/idff/sso?sid=0&forceAuth=TRUE".

What is actually happening: we authenticate the user first with the IDP,
then redirect the user to change password. After completion of the
password change it should redirect to the login page, and my change
password servlet even redirects the URL to login
(https://tour-nag.tour.as.com/login/UI/Login), but the issue is that the
session is active in the IDP, so it assumes an active user and redirects
to the welcome page instead of login.
So here we need to inactivate the session in the IDP, but we have some
issue, so we cannot inactivate the session.
Regarding identity injection:
yes, we are using identity injection only for authentication type and
uid, hoping this will not impact this.

Please suggest how I can achieve this functionality.


Thanks,
Vaibhav



Re: After change password get back to login page instead welcome


Correction to my reply above.
Alex,
we configured it as follows.
Under the authentication contract we define the expired password servlet as
https://tour-nag.tour.as.com/login/ser/change_password.jsp?LoginUserID=<USERID>&returl=<RETURN_URL>
Here I tried multiple subsets by defining returl as hard-coded, but it
doesn't work.
I want to redirect the page to
"https://tour-nag.tour.as.com/login/UI/Login", so I set it here as
"https://tour-nag.tour.as.com/login/UI/Login?forceAuth=TRUE",
but it doesn't work.
Then I tried returl to my IDP (Identity Server) as
"https://tour-nis.tour.as.com:8443/nidp/idff/sso?sid=0&forceAuth=TRUE".

What is actually happening: we authenticate the user first with the IDP,
then redirect the user to change password. After completion of the
password change it should redirect to the login page, and my change
password servlet even redirects the URL to login
(https://tour-nag.tour.as.com/login/UI/Login), but the issue is that the
session is active in the IDP, so it assumes an active user and redirects
to the welcome page instead of login.
So here we need to inactivate the session in the IDP, but we have some
issue, so we cannot inactivate the session.
Regarding identity injection:
yes, we are using identity injection only for authentication type and
uid, hoping this will not impact this.

Please suggest how I can achieve this functionality.


Thanks,
Vaibhav



Re: After change password get back to login page instead welcome

On 11.09.2013 07:34:02, vaibhavkhare Wrote:
>
> Correction on my above reply.
> Alex,
> we configured as.
> Under authentication contract we define expire password servlet as
> https://tour-nag.tour.as.com/login/ser/change_password.jsp?LoginUserID=<USERID>&returl=<RETURN_URL>


In case it's not clear, the returl parameter (or whatever you want to
name it) needs to be read by the password change page and then when the
password change is successful, it is the responsibility of the password
change page to redirect the user to the generated URL passed in this
returl parameter.

> here i tried multiple subset by define returl as hard-code but doesn't
> work
> my want to redirect page to
> "https://tour-nag.tour.as.com/login/UI/Login" so i set here as
> "https://tour-nag.tour.as.com/login/UI/Login?forceAuth=TRUE"
> but doesn't work.
> then i tried returl to my IDP (Identity Server) as
> "https://tour-nis.tour.as.com:8443/nidp/idff/sso?sid=0&forceAuth=TRUE".
>


This should work (but might not be properly URL encoded)

If you want to specify the &forceAuth=true portion in password
expiration servlet field, it should be URL encoded like this for
example:

https://tour-nag.tour.as.com/login/ser/change_password.jsp?LoginUserID=<USERID>&returl=<RETURN_URL>%26forceAuth%3Dtrue

Otherwise if your password change page can be configured to hard code
specific parameters to the forwarded URL when the password was changed
successfully, then you could add the &forceAuth=true (without the need
to URL encode it)

> what happening actually we authenticate user first with IDP then
> redirect user to change password, after completion of password change
> should redirect to login page even my change password servlet
> redirects url to login (https://tour-nag.tour.as.com/login/UI/Login)


Is this login automated using identity injection which includes the
user's password?

The reason I'm asking about whether you identity inject the user's
password is this KB https://www.netiq.com/support/kb/doc.php?id=7003421

Do you have any Authorisation Policies which perform redirection -
could these be part of the problem?

> regarding identity injection
> yes we are using identity injection only for authentication type


What do you mean by "authentication type" is this the URI of the
Authentication Contract used to authenticate the user?

Also note that forceAuth=true is case sensitive.

Finally, do you have the ability to upgrade to the latest 3.1 patch
level (NAM 3.1.5)? It's a long shot, but there may be fixes related to
this feature.


Re: After change password get back to login page instead welcome

vaibhavkhare wrote:

>
> Hi,
>
> I have configured a contract for my custom authentication class.
> scenario is
> 1) user password has been expired.
> 2) while login with expired password, I am redirecting to change
> password page.(My application page).
> 3) after change password should get back to login page but here it
> redirect to welcome page, even my change password page send it to
> login url.
> redirection between login page to welcome page happening due to web
> server redirection.
>
> Point is during login it authenticate with novell LDAP and maintains
> session and when change password page sends to login page due to
> active session web server redirects to welcome page.
> here i cannot invalidate session after change password due to some
> requirement.
> i have gone through
> "http://www.novell.com/documentation/novellaccessmanager312/identityserverhelp/data/localcontract.html"
> link but didn't help me out.
>
> any one have any idea how can i achieve above requirement(i.e. get
> back to login page after change expired password).


As Alex points out, when you go back from the password management
servlet app to the IDP append forceAuth=true as a query string
parameter and the IDP will force the user to reauthenticate.


--
Cheers,
Edward
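
Added example, not part of the original thread and not any poster's code: a Java helper that a password change page such as change_password.jsp could call to turn the returl value into the redirect described above, with the case-sensitive forceAuth=true appended. The class name, method name and the host allow-list are assumptions made for illustration; the allow-list is there so that returl cannot send users to an arbitrary site.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.ArrayList;
import java.util.List;
import java.util.Locale;
import java.util.Set;

public class ReturnUrlRedirect {
    // Assumption: redirect targets are limited to the two hosts named in the thread.
    static final Set<String> ALLOWED_HOSTS =
            Set.of("tour-nag.tour.as.com", "tour-nis.tour.as.com");

    /** Builds the post-password-change redirect from the decoded returl value. */
    static String buildRedirect(String returl) throws URISyntaxException {
        URI target = new URI(returl);
        String host = target.getHost();
        if (!"https".equalsIgnoreCase(target.getScheme()) || host == null
                || !ALLOWED_HOSTS.contains(host.toLowerCase(Locale.ROOT))) {
            throw new IllegalArgumentException("returl is not an allowed redirect target");
        }
        // Keep every existing parameter except a forceAuth in any letter case,
        // then append the exact, case-sensitive form the thread calls for.
        List<String> params = new ArrayList<>();
        String query = target.getRawQuery();
        if (query != null) {
            for (String p : query.split("&")) {
                if (!p.isEmpty() && !p.toLowerCase(Locale.ROOT).startsWith("forceauth=")) {
                    params.add(p);
                }
            }
        }
        params.add("forceAuth=true");
        String path = target.getRawPath() == null ? "" : target.getRawPath();
        String fragment = target.getRawFragment() == null ? "" : "#" + target.getRawFragment();
        return target.getScheme() + "://" + target.getRawAuthority() + path
                + "?" + String.join("&", params) + fragment;
    }

    public static void main(String[] args) throws URISyntaxException {
        // Constructed inputs built from the URLs quoted in the thread.
        System.out.println(buildRedirect("https://tour-nis.tour.as.com:8443/nidp/idff/sso?sid=0"));
        System.out.println(buildRedirect("https://tour-nag.tour.as.com/login/UI/Login?forceAuth=TRUE"));
        try {
            buildRedirect("https://other.example/login"); // constructed host outside the allow-list
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

In the JSP, the call would be response.sendRedirect(ReturnUrlRedirect.buildRedirect(request.getParameter("returl"))) once the password change has succeeded; the servlet container has already URL-decoded returl at that point, so no %26 or %3D handling is needed inside the helper.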