Password Reset Configuration

Last modified 23 Oct 2024 16:38 +02:00
Self-service password reset feature
This page describes the configuration of the midPoint Self-service password reset feature. Please see the feature page for more details.

Basic Mechanism

The idea is that all the password reset mechanisms have the same parts:

  • Request: the user requests a password reset. This may be as simple as a "forgot password" button on a login screen. But there may be more complicated methods, such as requesting a password reset by asking a colleague, or indirect helpdesk password reset scenarios.

  • Authentication: the user who requests the password reset is authenticated. This may be a complete out-of-band authentication (which effectively means no extra authentication is performed by midPoint). It may be a usual authentication using a nonce sent in an e-mail message, or an authentication based on security questions. There may also be other, more complex authentication schemes.

  • Source of new credentials specifies how a new credential value is determined. The new value may be entered by the user, randomly generated, determined by a key-exchange protocol and so on.

  • Delivery specifies how the new credential value is delivered to the user. The value may be simply displayed on the screen, sent in an e-mail or even distributed to several colleagues.

Interfaces

The password reset process can also be carried out through the interfaces (IDM Model Interface, REST API). The interaction can be done with the help of the following methods:

The usual process would be request-authenticate-execute. However, for simple cases it may be possible to invoke just the execute method.
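The four parts listed under Basic Mechanism and the request-authenticate-execute sequence can be modelled in a few lines. The following is an added illustration, not midPoint code or its API: `ResetFlow`, `NONCE_TTL` and `outbox` are hypothetical names, and the e-mail channel is simulated by a list.

```python
import hashlib
import hmac
import secrets
import time

NONCE_TTL = 600  # seconds; assumed lifetime for this sketch, not a midPoint default


class ResetFlow:
    """Toy model of request -> authenticate -> execute with a mailed nonce."""

    def __init__(self, clock=time.time):
        self.clock = clock
        self.pending = {}    # user -> (SHA-256 of nonce, expiry); nonce itself is not stored
        self.outbox = []     # (user, nonce) pairs; stands in for the e-mail channel
        self.passwords = {}  # user -> new value (a real system would store a hash)

    def request(self, user):
        """Request: issue a fresh nonce; any earlier nonce for the user is replaced."""
        nonce = secrets.token_urlsafe(32)
        digest = hashlib.sha256(nonce.encode()).digest()
        self.pending[user] = (digest, self.clock() + NONCE_TTL)
        self.outbox.append((user, nonce))

    def authenticate(self, user, nonce):
        """Authentication: the nonce is single-use and time-limited.

        pop() removes the entry even on a wrong guess, so a nonce cannot be
        brute-forced or replayed; the comparison is constant-time.
        """
        digest, expiry = self.pending.pop(user, (b"", 0.0))
        presented = hashlib.sha256(nonce.encode()).digest()
        return hmac.compare_digest(digest, presented) and self.clock() < expiry

    def execute(self, user, nonce, new_password=None):
        """Source of new credentials + delivery: the value is entered by the
        user or randomly generated, and returned so it can be displayed."""
        if not self.authenticate(user, nonce):
            return None
        value = new_password or secrets.token_urlsafe(12)
        self.passwords[user] = value
        return value


if __name__ == "__main__":
    flow = ResetFlow()
    flow.request("alice")                      # constructed sample user
    _, mailed = flow.outbox[-1]
    print(flow.execute("alice", mailed) is not None)   # first use succeeds
    print(flow.execute("alice", mailed))               # replay is rejected
```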

See Also

Compliance

This feature is related to the following compliance frameworks:
