19.7 IDM Forgot Password portlet

This self-service portlet uses challenge/response authentication to let the user get information about their password. The result, which depends on the assigned password policy, may include:


19.7.1 Requirements

The IDM Forgot Password portlet has the following requirements:

| Topic | Requirements |
|---|---|
| Password policy | This portlet requires a password policy with forgotten password enabled and a challenge set. |
| Universal Password | This portlet does not require Universal Password to be enabled (unless you want to support the following forgotten password actions: reset password or email password to user). |

19.7.2 Usage

To use the IDM Forgot Password portlet, you need to know about the following:

How IDM Forgot Password is used during login

During the login process, the IDM Login Portlet redirects to the IDM Forgot Password portlet if the user clicks the Forgot Password link. When IDM Forgot Password displays, it does the following:

  1. Prompts for username.

  2. Redirects to the IDM Login Portlet to perform challenge/response authentication for that user.

  3. Performs the forgotten password action specified in the authenticated user’s assigned password policy. It does one of the following:

    • Redirects to the IDM Change password portlet so the user can reset their password

    • Emails the password or hint to the user

    • Displays the hint

NOTE: The IDM Forgot Password portlet is not intended for stand-alone use. That means you should not plan to add it to a shared page in the user application. Placing this portlet on a page creates the potential security risk of persons changing the password on an unattended machine without the user’s knowledge or permission.

Configuring your environment for email actions

If you want to support the forgotten password email actions, you need to make sure your email notification server is set up properly:

  1. Use a Web browser to access iManager on your eDirectory server and log in as an administrator.

  2. Go to Roles and Tasks > Passwords and select Email Server Options.

  3. Specify the appropriate settings, then click OK.

The IDM Forgot Password portlet uses two email templates. In iManager you will find them in Roles and Tasks > Passwords > Edit Email Templates. They are named:

  • Password hint request

  • Your password request

You can change the content of these templates as needed for your application (but don’t change the structure).

Preferences for IDM Forgot Password

The IDM Forgot Password portlet provides the following preferences:

| Preference | Details |
|---|---|
| login-sequence | The NMAS login sequence to use. In this version, the portlet supports only Challenge Response. |
| ldap-sslport | The secure LDAP port to use. The default is 636. |
| allow-wildcard | Whether the user can type wildcards when entering the username. The default is false. |
| encoding | The character encoding to use. The default is utf-8. |
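
What the allow-wildcard preference changes, shown as an added example that is not the portlet's own code: it assumes the typed username is placed in an LDAP search filter (the page does not say how the lookup is done) and escapes it per RFC 4515. The function names, the cn attribute and the sample names are constructed for illustration.

```python
import re

# RFC 4515 escapes for characters that are special inside a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

# Constructed sample directory entries (not from the product).
SAMPLE_NAMES = ["jsmith", "jdoe", "admin"]


def escape_filter_value(value, allow_wildcard=False):
    """Escape a typed value; '*' stays a wildcard only when allowed."""
    out = []
    for ch in value:
        if ch == "*" and allow_wildcard:
            out.append(ch)
        else:
            out.append(_ESCAPES.get(ch, ch))
    return "".join(out)


def build_user_filter(username, allow_wildcard=False, attr="cn"):
    """Build the search filter for the name typed at the username prompt.

    The attribute name 'cn' is an assumption made for this example.
    """
    return "(%s=%s)" % (attr, escape_filter_value(username, allow_wildcard))


def _unescape(text):
    # Turn \XX hex escapes back into the literal characters they stand for.
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), text)


def match_users(filter_str, names):
    """Stand-in for a directory search: evaluates one (attr=value) filter."""
    value = filter_str[1:-1].split("=", 1)[1]
    # After escaping, any '*' left in the value is a wildcard.
    parts = [re.escape(_unescape(p)) for p in value.split("*")]
    pattern = re.compile("^" + ".*".join(parts) + "$", re.IGNORECASE)
    return [n for n in names if pattern.match(n)]
```

With the default (allow-wildcard false) a typed `j*` is matched literally and resolves to no account here; with the preference set to true the same input matches every name beginning with `j`.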