Environment
Situation
Issue
The customer created an application definition for an in-house developed application. SecureLogin is being configured to handle logon, invalid logon, account locked and change password.
For this application, logon could be to any number of different backend databases, and they all have different username and password combinations. For example, JCitizen might log on to the Finance database with the username "CitizenJ" and the password "str0ng0ne", and log on to the HR database with the username "JohnCitizen" and the password "3v3nstr0ng3r!".
To handle this, the SetPlat command is used to create a separate "platform" for each credential set and store the different username and password combinations against them. Instead of limiting the application to one username and password, SetPlat means the user can store and manage unlimited credential sets for as many backend systems as are required.
Logon is working perfectly well, but when the password needs to be changed, SecureLogin should enter the user’s current password and automatically generate a new one based on a password policy (the customer has chosen this instead of allowing the user to enter their own).
However, SecureLogin is prompting the user to enter their current password. SecureLogin should know the password, but it seems it doesn’t have, or can’t read, any stored passwords.
Resolution
Cause
To handle multiple credential sets for the different databases, the SSO administrator implemented the SetPlat command in the Logon section. However, SecureLogin needs to know which credential set to change the password for. The ReLoadPlat command sets the focus to the "last selected" credential set.
The ReLoadPlat command must exist for all scenarios that must read and/or write logon credentials (e.g. logon, change password, failed logon).
It must be added to the Change Password process as per the solution below.
Solution
The SSO administrator added the ReLoadPlat command to the relevant sections of the application definition. This particular application returns a "change password successful" message, which is where the new password is saved, so ReLoadPlat is also required in that section.
    #========================================================#
    # Force the $Password to use the Norway Password Policy  #
    #========================================================#
    RestrictVariable ?NewPwd AppPwdPolicy

    #=================#
    # Logon Prompt    #
    #=================#
    Dialog
      Class "#32770"
      Title "Login"
    EndDialog
    PickListAdd Finance
    PickListAdd HR
    PickListAdd IT
    PickListDisplay ?Choice "Please select the Database you wish to logon to."
    #====================================================================#
    # Required to store multiple credential sets                         #
    # Credentials will be saved under platforms named Finance, HR and IT #
    #====================================================================#
    SetPlat ?Choice
    SetPrompt "Username ===>"
    Type $Username #1001
    SetPrompt "Password ===>"
    Type $Password #1002
    SetPrompt "Database ===>"
    Type $Database #1003
    Click #1
    SetPrompt "Please enter your logon credentials for the system you wish to access."

    #==========================#
    # Change Password routine  #
    #==========================#
    Dialog
      Class "#32770"
      Title "Change Password"
    EndDialog
    #===================================================#
    # Without this line the process was failing         #
    # It is required to use the last selected platform  #
    #===================================================#
    ReLoadPlat
    #============================================================#
    # Type the current password in, then generate a new one      #
    # Enter the new password into the new and verify pwd fields  #
    #============================================================#
    Type $Password #1004
    ChangePassword ?NewPwd Random
    Type ?NewPwd #1005
    Type ?NewPwd #1006
    Click #1

    #============================================#
    # Change successful, save the new password!  #
    #============================================#
    Dialog
      Class "#32770"
      Title "Change Password Successful"
    EndDialog
    ReLoadPlat
    Click #2
    Set $Password ?NewPwd
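As an added example (not part of the original article and not a SecureLogin tool), the Python check below applies the rule from the Cause section to an application definition: it reports every Dialog section that reads or writes a $ credential variable before a SetPlat or ReLoadPlat command. The function name, the constructed sample definition and the simple line-based parsing (commands follow each Dialog/EndDialog block, as in the script above) are assumptions made for illustration.

```python
import re

# Constructed sample; ReLoadPlat is deliberately missing from "Change Password".
SAMPLE = '''
Dialog
  Class "#32770"
  Title "Login"
EndDialog
SetPlat ?Choice
Type $Username #1001
Type $Password #1002
Dialog
  Class "#32770"
  Title "Change Password"
EndDialog
Type $Password #1004
ChangePassword ?NewPwd Random
Dialog
  Class "#32770"
  Title "Change Password Successful"
EndDialog
ReLoadPlat
Set $Password ?NewPwd
'''

CRED_VAR = re.compile(r'\$\w+')   # stored credential variables, e.g. $Password
TITLE = re.compile(r'^Title\s+"(.*)"$', re.I)

def sections_missing_platform(script):
    """Titles of Dialog sections that use a $variable before SetPlat/ReLoadPlat."""
    if not re.search(r'^\s*SetPlat\b', script, re.I | re.M):
        return []                 # single credential set: nothing to check
    missing, title, in_dialog, platform_set = {}, None, False, False
    for line in map(str.strip, script.splitlines()):
        if not line or line.startswith('#'):
            continue              # skip blank lines and comment lines
        word = line.split()[0].lower()
        if word == 'dialog':      # a new section starts: platform not yet chosen
            in_dialog, title, platform_set = True, '(untitled)', False
        elif word == 'enddialog':
            in_dialog = False
        elif in_dialog:
            match = TITLE.match(line)
            title = match.group(1) if match else title
        elif word in ('setplat', 'reloadplat'):
            platform_set = True
        elif title and not platform_set and CRED_VAR.search(line):
            missing[title] = True  # dict keeps first-seen order, no duplicates
    return list(missing)
```

Run against the constructed sample, the check names the "Change Password" section, which is the section that prompted the user for the current password in the issue described above.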