Symantec Access Management

  • 1.  Change password SAML

    Posted Aug 03, 2016 04:02 PM


    Hello All,

    We have a scenario where we are acting as IdP and we have to send the user to the change password page when the user hits the login page.

    User hits URL:

    http://idp.local/affwebservices/public/saml2sso?SPID=SPID.

     

    The user will be redirected to the login page, the user enters the credentials, and if the user's status is "Change password" he should go to the change password page.

    Right now this is not working. Any suggestions please.

     

    The same change password setup works if it's not a SAML URL.

     

    http://idp.local/   --> Siteminder Protected page

    Get the login page, user status is "change password", get redirected to the change password page, user changes his password and lands on the expected target.

     

    Thank you



  • 2.  Re: Change password SAML
    Best Answer

    Broadcom Employee
    Posted Aug 03, 2016 06:52 PM

    Hello Richard,

     

    For SAML flow, the change password would kick in after the auth URL (redirect.jsp) and login page like you mentioned. It's not clear what is not working from the post below or at what point it fails... Most likely a good Fiddler capture along with WA traces and FWS traces in a support case would be a good way to go about it, to find the root cause.

     

    Thanks,



  • 3.  Re: Change password SAML

    Posted Aug 04, 2016 01:19 AM

    Hi Richard,

     

    I tested with an AD user that has the account status set to change password, and the user is redirected to the change password page accordingly as he invokes SSO Federation login.

    Basically, the authentication realm agent should have redirected the user to the change password page upon authentication (before the request is forwarded to the FWS Agent). Unless there's a valid existing user session running, then the user will continue with the current session instead of getting authenticated again.



  • 4.  Re: Change password SAML

    Posted Aug 05, 2016 10:07 AM

    Thanks for getting it confirmed that we can have change password functionality enabled for SAML requests. We will review our configuration and get back with any questions.