IdmPasswordResetState
This AuthState is a processing AuthState.
This plug-in allows the triggering of a password or a context password reset on nevisIDM.
The password or context password policy has to allow the option to trigger such a reset. Additionally, it is possible to check the value of user attributes and properties stored in nevisIDM. The user can set the new password. If the user does not set the new password, nevisIDM will generate it.
The IdmPasswordResetState auth state uses the user who was set in the session. If there is no user in the session, but the session or the request contains the user loginID, the auth state will load the user. If no loginID is present, the auth state will return the transition "failed". If the user in the session does not contain all required attributes, the IdmPasswordResetState will reload the user. This can happen, e.g., if the user was loaded into the session with lower detail levels than required by this auth state.
Topic | Description |
---|---|
Class | ch.nevis.idm.authstate.IdmPasswordResetState |
Logging | IdmAuth |
Auditing | none |
Marker | NevisIDM:mutation |
Properties | ignoreCase (boolean, false) This property defines whether the attribute and property check should be case-sensitive or not. |
resetLockedPasswords (boolean, false) This property defines whether it is possible to reset locked passwords or not. If the parameter is true, it is possible to reset locked passwords as well. In this case, only disabled passwords cannot be reset. If the parameter is false, it is only possible to reset active passwords. | |
verify.user.<attribute name> (String, -)Defines the value to which the corresponding nevisIDM user attribute will be compared. The name of the attribute has to match the name defined in nevisIDM. This is ignored when the value in nevisIDM is not set. | |
verify.user.prop.<property name> (String, -)Defines the value to which the corresponding nevisIDM user property will be compared. The name of the property has to match the name of a property with the scope "onUserGlobal" defined in nevisIDM. This is ignored when the value in nevisIDM is not set. | |
user.loginType (AUTO / EMAIL / LOGINID, AUTO) This property specifies the information the user has to enter in the Login view. EMAIL: The user has to enter the e-mail address; nevisIDM searches the user by this e-mail address. LOGINID: The user has to enter his login ID; nevisIDM searches the user by this login ID. AUTO (default): The user can use either his login ID or his e-mail address at login. nevisIDM will detect automatically which of the two the user entered. Note that a login with the e-mail address will only work if within nevisIDM the parameter application.feature.emaillogin.enabled has been set to "true", also, if user.loginType is "AUTO" and the user's login ID looks like an e-mail address, nevisIDM will search for the user by his e-mail address. | |
credential.type ("PASSWORD" / "CONTEXT_PASSWORD", default: "PASSWORD") The state supports resetting the user's password and context password as well. In case of context passwords, the credential.type parameter must be set to "CONTEXT_PASSWORD". The credential.type attribute is optional. If it is not set, the default value will be used. | |
credential.context (String, -) The state supports resetting the user's context passwords as well. To identify which context password credential to use, the credential.context parameter must be set. | |
Input | The userDto is loaded from the session. |
Transitions | ok: if credential was successfully reset. |
failed: If the user does not exist or if the attribute or property check failed and the transition "inputInvalid" is not defined. | |
policyFailure: The password selected by the user was not accepted by the password policy that is applicable for this user. | |
inputInvalid: if checking the defined user attributes or properties failed. | |
Output | passwordPart.0: first part of the generated password (the second part is communicated via e-mail, SMS or PDF). |
Errors | 4: PolicyViolation |
Notes | policyInfo Contains all password policy configurations of the password credential as an HTML list. |
policyViolations Contains all password policy violations of the new password as an HTML list. | |
policyInfo.* (all litDict entries matching policyInfo.) One note entry per password policy configuration will be defined. | |
policyFailure.* (all litDict entries matching policyFailure.) Only set when the new password violates a policy. One note entry per violated password policy configuration will be defined. |
Example
<AuthState name="ResetPassword"
class="ch.nevis.idm.authstate.IdmPasswordResetState" >
<ResultCond name="ok" next="WeakIdmPostProcessing"/>
<ResultCond name="failed" next="ResetFailed"/>
<ResultCond name="inputInvalid" next="CheckFailed"/>
<ResultCond name="policyFailure" next="CheckFailed"/>
<Response value="AUTH_CONTINUE">
<Gui name="AuthUidPwDialog" label="login.uidpw.label">
<GuiElem name="lasterror" type="error"
label="${notes:lasterrorinfo}" value="${notes:lasterror}"/>
<GuiElem name="isiwebuserid" type="text" label="userid.label" value="${request:loginId}"/>
<GuiElem name="isiwebnewpw1" type="pw-text" label="newpassword.label" optional="true"/>
<GuiElem name="isiwebnewpw2" type="pw-text"
label="newpassword.label" optional="true"/>
<GuiElem name="email" type="text" label="email.label" value="" />
<GuiElem name="phone" type="text" label="mobile.label" value="" />
<GuiElem name="propName" type="text" label="propertyName.label" value="" />
<GuiElem name="submit" type="submit" label="submit.button.label" value="Login"/>
</Gui>
</Response>
<propertyRef name="IdmCertificateWhiteList"/>
<property name="verify.user.email" value="${inargs:email}"/>
<property name="verify.user.mobile" value="${inargs:phone}"/>
<property name="verify.user.prop.propertyName" value="${inargs:propName}"/>
<property name="ignoreCase" value="true"/>
<property name="resetLockedPasswords" value="false"/>
</AuthState>