wyldkao Absent Member.
Absent Member.
742 views

About "Send verificaton"


HI
I am testing helpdesk function, when I login a helpdesk user to SSPR
and try to select a user to modify him.
I could modify his password fine...but I find a "send verification"
button...when I click it , it show a token ID , and user also receive a
mail to show this token.
But I do not know which place or scenario to use this token.

Who could provide example about token for me ?

thanks!!


wyldkao


--
wyldkao
------------------------------------------------------------------------
wyldkao's Profile: https://forums.netiq.com/member.php?userid=1688
View this thread: https://forums.netiq.com/showthread.php?t=54045

0 Likes
3 Replies
Knowledge Partner
Knowledge Partner

Re: About "Send verificaton"

On 08/12/2015 08:46 PM, wyldkao wrote:
>
> HI
> I am testing helpdesk function, when I login a helpdesk user to SSPR
> and try to select a user to modify him.
> I could modify his password fine...but I find a "send verification"
> button...when I click it , it show a token ID , and user also receive a
> mail to show this token.
> But I do not know which place or scenario to use this token.
>
> Who could provide example about token for me ?


How about this:

*Ring Ring*
HD: "Hello, this is the HelpDesk."
John: "Hi, this is Kevin L, the CEO. I have forgotten my password."
HD: "No problem, Kevin. Let me just have you verify some info."
HD: "I've just sent you a token to your e-mail/SMS/whatever."
John: "Um, er, let me check..."
HD: "Take your time. Once you get it, just read me the token ID."
John: .........
John: "Um, I haven't received it yet."
....
*click*

Because the end user could not verify the token sent to the account of the
authorized user, they were not trusted, so the password was never reset,
or other rights were not granted to the mysterious voice over the phone
pretending to be some guy named 'Kevin' who was the CEO.

I do not know this to be the case, but it makes sense in my little mind.

--
Good luck.

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below...
0 Likes
wyldkao Absent Member.
Absent Member.

Re: About "Send verificaton"


oh...
so this token just only when User ask helpdesk to change password,
let helpdesk to verify the user "indeed" is the real user ,right ?
the token informaion in verifycation mail does not used in any SSPR any
page, right ?

thanks!!


--
wyldkao
------------------------------------------------------------------------
wyldkao's Profile: https://forums.netiq.com/member.php?userid=1688
View this thread: https://forums.netiq.com/showthread.php?t=54045

0 Likes
Knowledge Partner
Knowledge Partner

Re: About "Send verificaton"

That is my guess. There are other times that tokens are possibly sent
from the system, such as during new user registration, when the new user
must use that big-long-ugly-base64-encoded token in order to prove they
own the e-mail account they registered, but that's different from this
token (by about a kilobyte).

--
Good luck.

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below...
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.