We have a scenario where we are acting as the IdP and we have to send the user to the change password page when the user hits the login page.
User hits URL:
The user will be redirected to the login page, the user enters the credentials, and if the user's status is "Change password" he should go to the change password page.
Right now this is not working. Any suggestions, please?
The same change password setup works if it's not a SAML URL.
http://idp.local/ --> Siteminder Protected page
get the login page, user status is "change password" get redirected to change password page, user changes his password and lands on expected target.
For SAML flow, the change password would kick in after the auth URL (redirect.jsp) and login page like you mentioned. It’s not clear what is not working from the post below or at what point it fails... Most likely a good Fiddler capture along with WA traces and FWS traces in a support case would be a good way to go about it to find the root cause.
I tested with an AD user that has account status set to change password and user is redirected to the change password page accordingly as he invokes SSO Federation login.
Basically, the authentication realm agent should have redirected the user to the change password page upon authentication (before the request is forwarded to the FWS Agent). Unless there's a valid existing user session running; then the user will continue with the current session instead of getting authenticated again.
Thanks for getting it confirmed that we can have change password functionality enabled for SAML requests. We will review our configuration and get back with any questions.