Hello chris.leung,
Please check out the responses from Alex and Jon and let us know how you plan to continue.
Of course, other Community members are welcome to continue this Discussion, especially around a direct customisation suggestion for the original query.
Without directly answering your original question, I do have some further things for you to think about:
- Consider moving away from PIN authentication over to O/S authentication. It is most common for SDM sites to authenticate against a separate store, such as MS Active Directory. This then handles all of that password management side for you in that tool. Although it still has its uses, PIN authentication is quite the "classic" technology, and there would be many benefits to updating the authentication system in use, such as not storing "passwords" in plain text in the SDM database. (I know it doesn't fix your use case, but something to think over.)
- The "Login" page fails over to a login unsuccessful message, and possibly at this point there is an opportunity to introduce a new link via customisation. I think if you enter an SDM page with an invalid SID you will also get redirected to an page. You **may** be able to exploit this functionality.
- Can you reverse the sequence of events? Can you have people go first to the "Password" page, where they enter their details? You then use Web Services to attempt an action with these credentials. If they work, then the user gets passed to the Login Page (maybe can pass on the login details also), and if not, goes to your reset page.
Okay, so the last two points are just thought bubbles, and would need further work. But I'd talk to CA Services if you were interested in them and don't get a further response here.
Otherwise, and you may have your reasons for not doing it, I'd consider going via (1).
Please update this thread.
Thanks, Kyle_R.