Ubisecure Password application is included in the Ubisecure SSO installation package. During a standard installation the software is partially installed. The application is not ready for use without explicit activation and further configuration.
...
| Code Block | ||||
|---|---|---|---|---|
| ||||
<context-param> <param-name>mail.smtp.host</param-name> <param-value>smtp-gw.example.com</param-value> </context-param> <context-param> <param-name>mail.smtp.from</param-name> <param-value>password@example.com</param-value> </context-param> |
OR
If the SMTP server requires further values, such as authentication credentials, configure tomcat server mail/Session ( ubilogin -sso\ubilogin\config\tomcat\conf\context.xml ) like below. (In this case, the configuration instruction above can be ignored).
| Code Block | ||||
|---|---|---|---|---|
| ||||
<?xml version='1.0' encoding='utf-8'?> <Context reloadable="false" useHttpOnly="true" swallowOutput="true"> <Manager pathname="" /> <Resource name="mail/Session" auth="Container" type="javax.mail.Session" mail.smtp.host="host" mail.from="example@example.com" mail.user="example" mail.smtp.port="465" mail.smtp.auth="true" mail.smtp.user="example" password="password" mail.smtp.starttls.enable="true" mail.smtp.socketFactory.class="javax.net.ssl.SSLSocketFactory"/> </Context> |
...
| Code Block | ||||
|---|---|---|---|---|
| ||||
<context-param>
<param-name>mail-session</param-name>
<param-value>mail/Session</param-value>
</context-param>
<resource-ref>
<res-ref-name>mail/Session</res-ref-name>
<res-type>javax.mail.Session</res-type>
<res-auth>Container</res-auth>
</resource-ref> |
As an optional step, you can enable debug logging following the instructions in Password application logging.
Let user define password during password reset
...
Install the service provider metadata of saml.ap.password-reset authentication method by selecting the [Download Metadata] link on the SAML management page of the method. To navigate there select Home → Global Method Settings → saml.ap.password-reset → SAML. Save the metadata file in the directory ubilogin-sso/ubilogin/webapps/password/WEB-INF/saml2/ap/metadata .
Create a href file with a same name as the xml file in the same folder and insert following as its contents with correct values for entityId and url. For example, for metadata.xml the href file must be named metadata.href.
...
In SSO Management, select Home → Global Method Settings → saml.ap.password-reset → SAML → Upload. Then upload the generated ubilogin-sso/saml.ap.password-reset.xml file.
Allow authentication injection on a password method for saml.ap.password-reset
...
The password change application is found at the address: https://idp.example.com/password/change
NOTE that if Additional Information: If a returnurl is provided as a query parameter, a Cancel button redirecting to that URL is displayed on the page like illustrated in Figure 5.
...
The password application uses the same CSS style templates that are defined in SSO Server. If the user transfers to the password application during logon, the template selection will be handled by SSO, but if it's required to transfer the user from another application, it is necessary to provide the used template as a query string parameter, called template. Refer to Templates - SSO for details of how to define and create user interface templates.
...
Use the above links within user applications, or include links to these activities from the login UI. Instructions for adding links to the login UI are found in Login screens - SSO .
| Figure 6. Example links added to login UI help box |
Ubisecure Password application uses email when performing the password reset functionality. Mail settings need to be configured to the ubilogin-sso/ubilogin/webapps/password/WEB-INF/web.xml file. Uncomment the context-param elements that contain mail.smtp.host and mail.smtp.from param-names. Edit the param-values according to your environment.
...
LDAPS should always be used for the connection to the user repository where a password reset is done.
See Configuring the connection for basic LDAP integration - SSO for LDAP connection configuration.