Most of the procedures in the Password Self-Service section assume that you are using the Password Self-Service features on an iManager 2.02 server.
Refer to the following table for instructions on how Password Self-Service features can be used with portal products, including products other than iManager.
Product | Support for Password Self-Service | Procedure |
---|---|---|
iManager 2.0.2 | You can integrate the features. This product supports Password Self-Service features if you install the password management plug-ins. These plug-ins are included with the Identity Manager 3 and are also available separately from download.novell.com. | Follow the steps in |
Identity Manager User Application | User application allows users to perform password self-service tasks. | See Chapter 7, “Application Configuration” in the User Application Administration Guide. |
Virtual Office, provided with NetWare 6.5 Support Pack 2, running on an iManager server | You can integrate the features. You can use the Password Self-Service features on the same NetWare server used for Virtual Office and iManager by installing the plug-ins and completing some additional steps. | Section 4.8.1, Integrating Password Self-Service with Virtual Office |
Novell Portal Services (NPS) versions earlier than 4.1 | You must link to the features. Although these legacy NPS products run Novell portal modules (NPMs), they don't have some of the enhancements that are required for the Password Self-Service features of the ForgottenPassword.npm. To use this product with Password Self-Service, create links from your company portal to the end-user password features on an iManager server. | Section 4.8.2, Linking to Password Self-Service from a Company Portal |
Third-party products | You must link to the features. Because third-party products don't run Novell portal modules, you can't use the Password Self-Service features directly in another product. To use third-party products with Password Self-Service, create links from your company portal to the end user password features on an iManager server. | Section 4.8.2, Linking to Password Self-Service from a Company Portal |
Virtual Office supports all the features of Password Self-Service in NetWare 6.5 Support Pack 2 or later, OES for Linux, and OES for NetWare.
For instructions, see the Virtual Office Configuration Guide.
For products that can't provide the Password Self-Service features by running the ForgottenPassword.npm (as noted in the table in Section 4.8, Adding Password Self-Service to Your Company Portal), you can use the Password Self-Service features by setting up another iManager server with the password management plug-ins installed and then linking from your portal home page to the iManager portal on that server, such as https://iManager_server_IP_address/nps.
The password management plug-ins are included with the DirXML 2 plug-ins and are also available separately: download the 2.0 Password Management Plug-in for iManager 2.0.x from http://download.novell.com.
The one feature that is not easy to incorporate is post-authentication services, which prompt users to update their passwords to comply with password policies and to set up Forgotten Password Self-Service according to the password policy, such as by creating a password hint. To make sure that users have compliant passwords and are set up to use Forgotten Password Self-Service, you need to have users log in to the iManager portal at least once to create compliant passwords and complete the password management setup, and then again whenever you make changes to Password Policies.
Complete the tasks in these sections:
The iManager server and the tree you are using must be prepared as follows:
Meet the prerequisites described in Section 3.3, Prerequisite Tasks for Using Password Policies
Make sure you have set up Password Policies for your eDirectory users
To give users access to Forgotten Password Self-Service from your company portal, you can link to that service on a separate iManager Web server.
Create a link such as “Forgot your password?” on the login page for your company portal and point it to the following URL on your iManager Web server:
http://iManager_server_IP_address/nps/servlet/fullpageservice?NPService=ForgotPassword&nextState=getUserID
This URL takes users to the following page, where they begin the Forgotten Password process.
Complete the steps in Returning Self-Service Users to the Company Portal.
Make sure all the eDirectory users in the portal users container have rights to self for the Hint attribute, named nsimHint.
When you install the DirXML plug-ins on an iManager Web server, this step is automatically completed for the tree that iManager is configured for.
If you are pointing to a different tree, you must complete this step manually.
A utility is provided to help you do this, which you can download and run by doing the following:
Go to http://download.novell.com.
Fill in the following fields:
Search By: Product
Choose a Product: Novell Identity Manager
Download the item named 2.0 Password Management Plug-in for iManager 2.0.x.
Follow the instructions in the nsimhintreadme.txt file.
If users do not have rights to self for the nsimHint attribute, they get an error like the following when they try to create a hint:
“Could not write user hint” (Task could not be completed).
Provide users with a link from your company portal to the password management tasks.
You can create a Manage Passwords link from the company portal and link to https://other_iManager_server/nps. This link would provide access to the Password Management end user tasks:
Hint Setup
Answer Challenge Questions
Change Password (Universal)
A user who clicks on the link would first need to log in and then would see a page like the following example:
Complete the steps in Returning Self-Service Users to the Company Portal.
The Password Self-Service features include scenarios in which users are provided with a link that lets them return to the login page. For example, when a user changes a password using the Forgotten Password Self-Service, a page is displayed with the message Your password has been successfully changed. Click here to return to login page.
If you point from your company portal to Password Self-Service on a separate iManager server, you might want to customize the default return page so that users are returned to the login page for your company portal when they complete password tasks. By default, clicking the button returns the user to a page on the iManager Web server.
A link to return to the login page is provided in these three places:
The page where a user can set a new password
The page displayed after a user successfully changes a password
The page where a user views a hint
To customize the return page to go to the login page for your company portal:
On the iManager Web server you are using for Forgotten Password Self-Service, locate the following directory:
\tomcat\webapps\nps\portal\modules\ForgottenPassword\skins\default\devices\default
Locate the following file in that directory:
forgottenpassword.xsl
Edit the forgottenpassword.xsl file to customize the default return page.
Replace the code
href="{LoginURL}"
with a hard-coded URL such as
href="http://www.your_company_portal_home_page.com"
You need to make this change in three places in the file.
Stop and restart Tomcat on the iManager server.
The Return to Login Page links now redirect users to your company's portal login page.
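The replacement described in the steps above, as an added Python example that is not part of the original Novell documentation. It assumes the attribute appears in the file exactly as href="{LoginURL}"; SAMPLE_XSL, portal.example.com and the function names are constructed for illustration.

```python
from urllib.parse import urlsplit
from xml.sax.saxutils import escape

# Attribute the procedure replaces; the page says it occurs in three places.
LOGIN_HREF = 'href="{LoginURL}"'
EXPECTED_LINKS = 3

# Constructed stand-in for forgottenpassword.xsl (not the shipped file).
SAMPLE_XSL = """<xsl:stylesheet version="1.0"
    xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
  <xsl:template name="newPassword"><a href="{LoginURL}">Return</a></xsl:template>
  <xsl:template name="changed"><a href="{LoginURL}">Return</a></xsl:template>
  <xsl:template name="showHint"><a href="{LoginURL}">Return</a></xsl:template>
</xsl:stylesheet>
"""


def xsl_attr_literal(url):
    """Encode a fixed URL as a literal XSLT attribute value."""
    parts = urlsplit(url)
    # Rejects relative values and the backslash form (http:\\host),
    # which has no network location.
    if parts.scheme not in ("http", "https") or not parts.netloc:
        raise ValueError(f"not an absolute http(s) URL: {url!r}")
    # XML-escape &, <, > and the quote that delimits the attribute.
    text = escape(url, {'"': "&quot;"})
    # Braces in an XSLT attribute start an attribute value template,
    # so literal braces are doubled.
    return text.replace("{", "{{").replace("}", "}}")


def patch_return_links(xsl_text, portal_url):
    """Return xsl_text with each {LoginURL} link set to portal_url."""
    found = xsl_text.count(LOGIN_HREF)
    if found != EXPECTED_LINKS:
        # Fail closed: a partial edit would leave some links on iManager.
        raise ValueError(f"expected {EXPECTED_LINKS} links, found {found}")
    return xsl_text.replace(LOGIN_HREF, f'href="{xsl_attr_literal(portal_url)}"')


if __name__ == "__main__":
    print(patch_return_links(SAMPLE_XSL, "https://portal.example.com/login?src=pw&lang=en"))
```

Run it against a copy of forgottenpassword.xsl and keep the original file so the change can be reverted.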
When users log in to the iManager portal at https://iManager_server_IP_address/nps, they are prompted to take action through a series of post-authentication pages if conditions such as the following are true:
The user password doesn't comply with Advanced Password Rules in the password policy
The password policy requires Challenge Questions when using Forgotten Password Self-Service and the user has not configured these questions
The password policy is using Forgotten Password with Display Password Hint as the action and the user has not created a hint
For example, these prompts are necessary to make sure that the user can use Forgotten Password Self-Service. If the password policy requires users to answer Challenge Questions and the user has never configured them initially, the user can't access Forgotten Password Self-Service. If the user has not created a password hint, the user can't retrieve it to help in remembering the password.
Because other portal products won't automatically provide the post-authentication features, you need to make sure that users log in to the iManager portal at least once to create compliant passwords and complete password management setup, and then again whenever you make changes to Password Policies.
This can be done by making sure that users go to a Manage Passwords link you provide as described in Linking to User Password Management Tasks, which requires users to log in to the iManager portal.