ISE Identity Manager Password Management

This tutorial is part of the Identity Manager track within the Identity Suite Essentials program.



Description

This tutorial covers how to implement a password expiration warning, using the deferred task scanner, for when a user's password is about to expire.

The password expiration warning sends out multiple email notifications to a user at pre-defined intervals before the user password expires.

The password expiration warning is integrated into the Create User, Update User and Change User Password processes so that a deferred task for sending email notifications is created for the user whenever the user password is changed in the Administrative or End User interface.



Learning Objectives

After completing this tutorial, the following topics should be understood.

  1. Create a custom Identity Manager Account Policy.
  2. Configure a custom Identity Manager Account Policy for an organization.
  3. Create a deferred task to perform actions on a user.



Prerequisites

The following items must be completed before starting this tutorial.



Setup

The following steps need to be performed to enable the demonstration.

Section 1: Deploy Custom Objects

Follow these instructions to deploy the custom objects.

Download the tutorial bundle (NOTE: This was part of module 1). Uncompress the bundle and copy the extracted files to the custom directory under the Idm8 project directory.

Start Netbeans 6.1 and open the Idm8 project. Expand the Custom Identity Manager Objects folder to view the custom objects from the tutorial bundle.

Right click Idm8 in the Projects tab. Select Run to deploy and run the project.

Section 2: Summary of Custom Objects

This section provides a summary of the custom objects in the project. 

NOTE:  These objects are in the Netbeans project zip file described in Module 1, which should all be automatically deployed when the project is run. 

Configuration-passwordexpirationnwarning.xml
Create a subprocess for managing the password expiration warning. It determines the next date to warn users that their passwords are about to expire and adds a deferred task to perform the password expiration warning on that date.

Configuration-systemconfiguration.xml
Configure the system configuration to use the custom Create User, Update User and Change User Password workflows.

EmailTemplate-passwordexpirationwarningnotification
Create a new email template for the password expiration warning notification.

Objectgroup-People.xml
Create a new organization called People under the Top organization that uses a custom Identity Manager Account Policy to expire user passwords in 3 days.

Objectgroup-All Users.xml
Create a new organization called All Users under the People organization that uses a custom Identity Manager Account Policy to expire user passwords in 3 days.

Policy-identitysystemaccountpolicy.xml
Create a new Identity Manager account policy that expires passwords in 3 days.

Rule-adddate.xml
Create a new rule to determine a relative date from a given date.

Rule-passwordexipirationwarningdate.xml
Create a new rule to determine the next date for warning the user that the password is about to expire.

Rule-passwordexpirationwarningdays.xml
Create a new rule object to provide a list of pre-defined numbers of days (2 and 1 days) before the password expiration date on which to invoke the password expiration warning task.

TaskDefinition-changeuserpassword.xml
Create a new task definition object to add the password expiration warning subprocess to the existing Change User Password workflow.

sample-taskdefinition-createuser.xml
Create a new task definition object to add the password expiration warning subprocess to the existing Create User workflow.

TaskDefinition-passwordexpirationwarningtask.xml
Create a deferred task to perform the password expiration warning. This task sends an email notification to the user, removes the current deferred task from the user and calls the password expiration warning subprocess to determine the next date for password expiration warning.

TaskDefinition-updateuser.xml
Create a new task definition object to add the password expiration warning subprocess to the existing Update User workflow.
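
The following Python model of the scheduling logic these objects are described as implementing is an added illustration, not the tutorial's own Identity Manager code; the class and function names are hypothetical. It assumes that warning dates already in the past are skipped, so a late scanner run sends one notification rather than replaying every missed one.

```python
from datetime import datetime, timedelta

WARNING_DAYS = (2, 1)     # days before expiry, per Rule-passwordexpirationwarningdays.xml
PASSWORD_LIFETIME = 3     # days, per the tutorial's account policy

def add_date(base, days):
    """Relative date from a given date (the role the page gives Rule-adddate.xml)."""
    return base + timedelta(days=days)

def next_warning_date(expires, now, warning_days=WARNING_DAYS):
    """Earliest warning date still ahead of `now`; None when no warnings remain.
    Assumption: dates already in the past are skipped rather than replayed."""
    upcoming = [add_date(expires, -d) for d in warning_days]
    upcoming = [when for when in upcoming if when > now]
    return min(upcoming) if upcoming else None

class User:
    def __init__(self, account_id):
        self.account_id = account_id
        self.expires = None       # password expiration date
        self.deferred = None      # due date of the single pending warning task
        self.notified = []        # stands in for notifications.txt

def set_password(user, now):
    """Create User / Update User / Change User Password: new expiry, new schedule."""
    user.expires = add_date(now, PASSWORD_LIFETIME)
    user.deferred = next_warning_date(user.expires, now)

def run_scanner(user, now):
    """Deferred task scanner pass: run the warning task if it is due."""
    if user.deferred is None or user.deferred > now:
        return False
    user.notified.append(now)                              # send the email
    user.deferred = next_warning_date(user.expires, now)   # drop old task, add next
    return True

def simulate(scan_times, start=datetime(2009, 1, 1, 9, 0)):
    """Create a user at `start`, then run the scanner at each given time."""
    user = User("testuser")
    set_password(user, start)
    for when in scan_times:
        run_scanner(user, when)
    return user

if __name__ == "__main__":
    day = timedelta(days=1)
    start = datetime(2009, 1, 1, 9, 0)                     # constructed timestamp
    print(len(simulate([start + day, start + 2 * day]).notified))  # on-time scans
    print(len(simulate([start + 2 * day + day / 2]).notified))     # late scan
```

Calling set_password again models a password change: it replaces both the expiration date and the pending deferred task, which is why each of the three workflows invokes the warning subprocess.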



Demonstration

After completing the setup above, the following steps should be performed to complete this tutorial.

Section 1: Create User

Log in as configurator / configurator.
Select Accounts and then List Accounts.
Select the check box for People: All. Select New User from the New Actions dropdown list.
Enter values for Account ID, Email Address, Password and Confirm Password fields. Select Save.
Important: The Organization field must be set to Top:People:All.
Select OK.

Section 2: Verify Password Expiration Notification

Launch http://localhost:8080/Idm8/debug to access the debug page.

Select User from the Type dropdown list next to List Objects button.

Select List Objects.
Select view to view the testuser user object.
Note that the user password will expire in 3 days.

The user also has a deferred task that is scheduled to run 2 days before the password expires.
Change the system time to 2 days before the password expires.
Select Server Tasks, Run Tasks and Deferred Task Scanner.
NOTE: The default User Deferred Task Scanner runs every hour. For testing purposes, the deferred task scanner is launched manually.
Select Launch.
Select OK.
Go to the debug page and view the testuser user object.

Note that the deferred task is now scheduled to run 1 day before the password expires.
Change the system time to 1 day before the password expiration date.

Launch the Deferred Task Scanner.
Open the notifications.txt file in the domains/domain1/config directory under the Glassfish installation directory.

There should be two email notifications that were sent from the password expiration warning deferred task.

Section 3: Update User

Select Accounts and then List Accounts.

Expand Software Services and select testuser.
Enter test for First Name and user for Last Name.

Change the password in the Password and Confirm Password fields.

Note the Password Expiration information at the bottom of the page.

Select Save.
Select Save.
Select OK.
Repeat Section 2 to verify the password expiration notification.

Section 4: Change User Password

Launch http://localhost:8080/Idm8/user and log in as testuser.
Select Profile and then Change Password.

Enter values for Password and Confirm Password fields.

Select Save.
Enter the old password and select OK.
Select OK.
Repeat Section 2 to verify the password expiration notification.



Resources

The following links provide more information:


Copyright 1994-2009 Sun Microsystems, Inc.