Differences
This shows you the differences between two versions of the page.
tutorial:adm:modules_pwdreset [2021/06/23 08:57] sourek [Table] |
tutorial:adm:modules_pwdreset [2023/11/09 11:57] polakb |
||
---|---|---|---|
Line 4: | Line 4: | ||
===== How does it work? ===== | ===== How does it work? ===== | ||
- | {{ : | ||
+ | {{ : | ||
===== Process of restoring your forgotten password ===== | ===== Process of restoring your forgotten password ===== | ||
- | Users can restore their forgotten password via the password reset module. User can start the process on CzechIdM´s login page by clicking on " | ||
- | {{ : | + | Users can restore their forgotten password via the password reset module. User can start the process on CzechIdM´s login page by clicking on " |
+ | |||
+ | {{ .: | ||
For now, the identity' | For now, the identity' | ||
- | {{ : | + | {{ .: |
After clicking on the link, which contains verification token in GET parameters, user is asked to fill in new password. If the password change succeeds (password validation is OK and user can change their own password), then the user can log in to CzechIdM with a new password. | After clicking on the link, which contains verification token in GET parameters, user is asked to fill in new password. If the password change succeeds (password validation is OK and user can change their own password), then the user can log in to CzechIdM with a new password. | ||
- | {{ : | + | {{ .: |
===== Password generating ===== | ===== Password generating ===== | ||
- | Password reset module has a process for generating new password by default based on a password policy for IdM. The form for password generating is a part of the password change component. To generate password to an end system it is necessary to enable the event type '' | ||
- | Password generating | + | Password |
- | <note important> | + | Password |
- | By default, the "Password | + | |
- | </ | + | |
+ | <note important> | ||
===== Reset password in user´s system accounts ===== | ===== Reset password in user´s system accounts ===== | ||
+ | |||
Password reset module changes user's passwords only to their CzechIdM account. To reset passwords to end system accounts you need to have the acc module enabled and do a little bit of configuration. You need to set IdentityPasswordProvisioningProcessor and PasswordValidateProcessor to respond to PASSWORD_RESET event type. You can do it by setting | Password reset module changes user's passwords only to their CzechIdM account. To reset passwords to end system accounts you need to have the acc module enabled and do a little bit of configuration. You need to set IdentityPasswordProvisioningProcessor and PasswordValidateProcessor to respond to PASSWORD_RESET event type. You can do it by setting | ||
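Review bot: the first image link, under "How does it work?", still starts with "{{ :" in the new revision, while the three image links further down were switched to "{{ .:". Use one namespace form for all four. The rewritten sentence under "Process of restoring your forgotten password" also keeps "CzechIdM´s" with an acute accent in place of an apostrophe and "User can start" without an article; suggest "CzechIdM's login page" and "The user can start".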
Line 34: | Line 35: | ||
idm.sec.acc.processor.identity-password-provisioning-processor.eventTypes=PASSWORD, | idm.sec.acc.processor.identity-password-provisioning-processor.eventTypes=PASSWORD, | ||
idm.sec.acc.processor.identity-password-validate-processor.eventTypes=PASSWORD, | idm.sec.acc.processor.identity-password-validate-processor.eventTypes=PASSWORD, | ||
+ | |||
</ | </ | ||
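Review bot: the only change here is an empty line added just before the closing tag of the block that holds the two eventTypes properties, so the rendered block gains a trailing blank line. Drop it unless it is needed to fix rendering. The same applies to the following hunk (Line 40 / Line 42).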
Line 40: | Line 42: | ||
< | < | ||
idm.sec.core.processor.identity-password-change-notification.eventTypes=PASSWORD, | idm.sec.core.processor.identity-password-change-notification.eventTypes=PASSWORD, | ||
+ | |||
</ | </ | ||
Line 45: | Line 48: | ||
===== Installation ===== | ===== Installation ===== | ||
+ | |||
Download the module distribution package. The package contains a backend folder. Your IdM Tomcat installation we call IDM in the following example. | Download the module distribution package. The package contains a backend folder. Your IdM Tomcat installation we call IDM in the following example. | ||
+ | |||
- Copy the content of the backend folder into your tomcat IdM installation - [IDM]/ | - Copy the content of the backend folder into your tomcat IdM installation - [IDM]/ | ||
- Set correct access rights to the files if needed ('' | - Set correct access rights to the files if needed ('' | ||
- Restart the IdM application server ('' | - Restart the IdM application server ('' | ||
- | - Log in to CzechIdM as a privileged user and go to Settings | + | - Log in to CzechIdM as a privileged user and go to Settings |
- Go to the configuration and configure required properties (see below). | - Go to the configuration and configure required properties (see below). | ||
- | - Add the event types '' | + | - Add the event types '' |
===== Configuration ===== | ===== Configuration ===== | ||
+ | |||
The module provides following configuration properties: | The module provides following configuration properties: | ||
- | ^ Property | + | |
- | | idm.pub.pwdreset.allowed.attrs | + | ^Property |
- | | idm.sec.pwdreset.token.ttl | + | |idm.pub.pwdreset.allowed.attrs |
- | | idm.pub.pwdreset.identity.passwordReset.public.idm.enabled | + | |idm.sec.pwdreset.token.ttl |
- | | idm.sec.pwdreset.debug | + | |idm.pub.pwdreset.identity.passwordReset.public.idm.enabled |
- | | idm.sec.pwdreset.token.length | + | |idm.sec.pwdreset.debug |
+ | |idm.sec.pwdreset.token.length | ||
===== Video Guide ===== | ===== Video Guide ===== | ||
+ | |||
[[https:// | [[https:// | ||
+ | |||
+ | ===== FAQ ===== | ||
+ | |||
+ | ==== How to allow password reset in CAS? ==== | ||
+ | |||
+ | For CAS docker set env variables: | ||
+ | < | ||
+ | |||
+ | - CAS_CUSTOM_FRONTEND_PASSWORDRESET_DISPLAY=true | ||
+ | - CAS_CUSTOM_FRONTEND_PASSWORDRESET_LINK=< | ||
+ | |||
+ | </ | ||
+ | |||
+ | |||
+ | |||
+ |
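Review bot: in the new FAQ entry the two CAS variables are written with a leading "- " between the opening and closing block tags, so a reader who copies them gets "- CAS_CUSTOM_FRONTEND_PASSWORDRESET_DISPLAY=true" rather than a usable assignment. List them as plain NAME=value lines. The hunk also ends with four empty added lines after the closing tag, which can be dropped.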