CA Service Management

  • 1.  Force user to reset password

    Posted Jun 03, 2014 01:47 PM

    We are using pin (z_passwd) for authentication in our environment.   Now we have a requirement to force analyst to change their password every 90 days.  We have write a htmpl page for resetting the password and it can be called manually by analyst from the menu bar.  However we would like to automatically redirect analyst to this page once after they login the service desk.  Is there any function that can redirect a user to a page automatically?  I tried using window.location in the gobtn_role.htmpl but it doesn't work..



  • 2.  RE: Force user to reset password

    Posted Jun 04, 2014 11:06 AM

    anyone has some ideas?  in fact i have already built the password reset page.  what i need to do is to redirect the analyst to that page after they are logged in



  • 3.  Re: RE: Force user to reset password

    Broadcom Employee
    Posted Jun 19, 2014 03:03 PM

    Chris,

     

    I'm sorry, but I can't think of a scenario where this could be done using the out of the box functionality. I assume some customization would need to be performed on the login page, but I'm not sure how the system would know if the z_passwd field had been updated in the last 90 days. Perhaps an additional customization can be introduced to write a timestamp to another custom field whenever the "z_passwd" field is updated, and then on the login.htmpl a check may be performed against the custom timestamp field to see if it's 90+ days, then perhaps it can present your custom page.

     

    I haven't tested any of this, and maybe it's easier said then done. Perhaps CA Services can come up with a solution, if you're interested in going that route just let us know.



  • 4.  Re: RE: Force user to reset password

    Posted Jun 19, 2014 03:43 PM

    This is a great candidate for the idea wall



  • 5.  Re: Force user to reset password

    Posted Jun 19, 2014 10:41 PM

    Hello chris.leung,

     

    Please check out the responses from Alex and Jon and let us know how you plan to continue.

     

    Of course, other Community members are welcome to continue this Discussion, especially around a direct customisation suggestion for the original query.

     

    Without directly answering your original question, I do have some further things for you to think about:

     

    1. Consider moving away from PIN authentication over to O/S authentication. It is most common for SDM sites to authenticate against a separate store, such as MS Active Directory. This then handles all of that password management side for you in that tool. Although it still has its uses, PIN authentication is quite the "classic" technology, and there would be many benefits to updating the authentication system in use, such as not storing "passwords" in plain text in the SDM database. (I know it doesn't fix your use case, but something to think over.)
    2. The "Login" page fails over to a login unsuccessful message, and possible at this point there is an opportunity to introduce a new link via customisation. I think if you enter an SDM page with an invalid SID you will also get redirected to an page. You **may** be able to exploit this functionality.
    3. Can you reverse the sequence of events? Can you have people go first to the "Password" page, where they enter their details. You then use Web Services to attempt an action with these credentials. If they work, then the user gets passed to the Login Page (maybe can pass on the login details also), and if not goes to your reset page.

     

    Okay, so the last two points are just thought bubbles, and would need further work. But I'd talk to CA Services if you were interested in them and don't get a further response here.

     

    Otherwise, and you may have your reasons for not doing it, I'd consider going via (1).

     

    Please update this thread.

     

     

    Thanks, Kyle_R.



  • 6.  Re: Force user to reset password

    Posted Jul 10, 2014 03:43 AM

    ADMIN.

     

    Hello Chris,

     

    I'm flagging this post as "Assumed Answered", as no update from you for a while and there are several feedback posts on here.

     

    Note you can change this status, and it is not the same as "Correct Answer" which only you should set.

     

    Thanks, Kyle_R.