Installing NMAS Password Self Service on a server running Virtual Office

  • 3220409
  • 11-May-2007
  • 06-Jun-2012

Environment

Novell NetWare 6.5 Shipping, SP1, or SP2
Novell eDirectory 8.7.3 for All Platforms
Novell iManager 2.0.2
Novell Modular Authentication Service version 2.3

Situation

There is no "Forgot Password?" link on the login page to VirtualOffice (or iManager 2.0.2).

Resolution

Note: if OES NetWare or Linux is used, this process will not function. Instead, log in to VirtualOffice, click on "Services Administration", and then "Change Password". Set the option to "Universal Password". If the Universal Password policy is set for the user, once the user logs in, they will be prompted to set any "forgot password" options. Any future "forgot password" link clicks will result in the forgotten password process starting.

If Virtual Office was installed on the server the /nps page is a hard coded theme which means no modification of the page can take place. Therefore the links for "Forgot Password" and "Password Management" were not automatically created. They will need to be manually created.
Installing NMAS Password Self Service on a server running Virtual Office
There is no "Forgot Password?" link found on the page displayed when typing in the URL "https://ipaddress/nps".

Documentation on Universal Password:Universal Password Deployment
Documentation on nSure Identity Management:Novell nSure Identity Manager 2

What is the usual process for a forgotten password?
The user goes to the server portal and selects the Forgot Password? link. They input their userid, they then are prompted for their mother's maiden name. If they input this information correctly they are then given a hint about their password. They then can put the correct password into their NetWare client and complete logging into the tree. To change hints and challenges, if the policies in place allow for this, the user would sucessfully log into Portal and he would see the following url titles. Included is the url detail so that these links can be manually created.

What if Virtual Office is installed - Forgot Passwordlink is not displayed
If the Forgot Password? link is not displayed on the /nps page it is likely you are runningNetWare 6.5 withVirtual Officeinstalled. Options include setting up Self help on a server not running virtual office but is configured for iManager 2.02. Alternately, this url can be manually created on another page on the Virtual Office server. For instance these url's could be added to the main or a child Apache page under the default document root. An example would be to create a subdirectory under sys:\Apache2\htdocs called pw. Then create an index.html document in this directory that has the following URL's.

Forgot Password?- https://ipaddress/nps/servlet/fullpageservice?NPService=ForgotPassword&nextState=getUserID
Hint Setup -https://ipaddress/nps/servlet/portal?render=on
(Note: If the policy is set to force users to setup their challenge and hint then just logging into Portal will begin the process of completeing this task)
Answer Challenge Questions -https://x.x.x.x/nps/servlet/portalservice?GI_ID=System.InheritableArea&maxWnd={DFEAB0A5-0000-00FA-EF17-D8F18941D74E}:-325968836
Change Password-https://x.x.x.x/nps/servlet/portalservice?GI_ID=System.InheritableArea&maxWnd={2524A5A6-0000-00FA-EF17-DA438941D74E}:-547803117

Now when users go tohttps://ipaddress/pwthey will see these links.

One more customization forVirtual Officeis required. Within the Forgotten Password app is a stylesheet that in turn redirects the user back to the NPS page. Since we do not want the user to hit that url due to the above described situation further modification is necessary to re-direct them back to our customer page. One may customize the "return to company portal login page" experience for the users by doing the following:

1. Edit the "forgottenpassword.xsl" file, which is found in tomcat\webapps\nps\portal\modules\ForgottenPassword\skins\default\devices\default.
2. Replace the 3 instances of href="{LoginURL}" with a hard-code URL like href="(YourPortalLoginPage)" or href=https://ipaddress
3. Stop and restart Tomcat 4. The "Return to Login Page" links will now redirect users to your company's portal login page (or Virtual Office, etc).
Note: The "Return to Login Page" link shows up in 3 places: 1) on the page where you can set your new password, 2) on the page displayed after you successfully change your password, and 3) on the page where you view your Hints. Thus there are the 3 locations in the style sheet (xsl file).

.
Return toInstalling the new NMAS 2.3 Universal Password Policies and Self Service Forgotten Password enhancements

Additional Information

NOTE: Netware 6.5 SP2 has a new option in iManager | Virtual Office | Services Administration | Change Password Tab | Change Universal Password Link. Enabling this option will give the Forgot Your Password link when you go to the Virtual Office Login Page- https://ipaddress/nps.

Formerly known as TID# 10091932