Page 1 of 1

VLF-ONE IBM i Change Password and Password Expiration (solved)

Posted: Sat Apr 27, 2019 1:40 am
by jyoung
In our framework we use a custom IIP to validate the user against the IBM i.
This IIP extends VF_AC027O, which we copied from the demo UF O_LOGON.

This component has methods to "ChangePassword" and "CheckPasswordExpiry". In the comments of those methods, it mentions that you have to allow the password to be changed and to see framework properties --> User administration settings.

Problem is, that went I go to those settings, it does not appear that those are available for VLF-ONE.

Question is then, how do I go about allowing the user to change their password in VLF-ONE and allow them to get a notification when their password is close to expiring?

Thanks,
Joe

Re: VLF-ONE IBM i Change Password and Password Expiration

Posted: Mon Apr 29, 2019 11:07 am
by MarkD
In your custom entry point web page (i.e. your version of shipped example UF_OEXEC) specify the identifier of the VF_AC027O based server component that will handle password changing. i.e Your custom version of the shipped UF_OLOGON.

For example:
#VLF_ONE.uInitialize Frameworkidentifer("VF_VLFONE_SYSTEM") Logonhandlerid(VF_AC026O) Passwordchangerid(UF_OLOGON) Mtxtloaderid(UF_OMULTI) Themecustomizerid("") Logonexpiry(90) Logonheaderpanelid(UF_OHEADP) Logontrailerpanelid(UF_OTRALP) Showrestartbutton(True) Usebadges(True) Materialdesigndefault(True) Usesidebarmenus(False) Usepaneltransitions(False)


A change password check box should then appear on the logon screen allowing users to change their passwords.


Your version of UF_OLOGON should have a default (but customizable) ChangePassword method something like this:

Code: Select all

Mthroutine Name(ChangePassword) Options(*REDEFINE *RETURNS_MESSAGES)
* ==== Logic for IBM i Servers ===
If (#IsIBMiWebServer)
* Map and convert some parameters to pass to the BIF ....
#BIF_UserProfile := #UserProfile
#BIF_OldPassword := #OldPassword.AsNativeString
#BIF_NewPassword := #NewPassword.AsNativeString
#HostPort := #ServerPort.AsNumber
* Attempt to change the password using the LANSA BIF ..................
Use Builtin(CHANGE_IBMI_SIGNON) With_Args(#ServerName N #BIF_UserProfile #BIF_OldPassword #BIF_NewPassword Y #HostPort) To_Get(#MajorReturnCode)
*
If (#MajorReturnCode <> OK)
#COM_OWNER.ConvertReturnCodetoMessage Tempreturncode(#MajorReturnCode)
#MajorReturnCode := ER
Else
Message Msgtxt(*Mtxtuf_PSW_CHGD)
#MajorReturnCode := OK
Endif
Else

* ==== WRITE YOUR OWN LOGIC FOR NON IBM i SERVERS ====
Endif
Return
Endroutine
It uses the standard CHANGE_IBMI_SIGNON built-in function to talk to your IBM I’s password server. https://docs.lansa.com/14/en/lansa015/i ... signon.htm

The IBM I’s host server name and port can be locally configured for VLF-ONE users by using the shipped administration component VF_CH009O.
It looks like this when executed and creates a configuration file on the server
Capture1.PNG
Capture1.PNG (18.99 KiB) Viewed 8802 times
Alternatively - just hard code your host name and port into your custom ChangePassword method.

Re: VLF-ONE IBM i Change Password and Password Expiration

Posted: Mon Apr 29, 2019 11:36 am
by MarkD
To use password expiry checking, first turn on password expiry checking and set the number of days to warn in your framework’s definition.
Capture1.PNG
Capture1.PNG (4.66 KiB) Viewed 8800 times
Next, to actually warn users of an upcoming password expiry in VLF-ONE modify your customized version of the VF_AC027O based UF_OLOGON component.

The modification required should consist mostly of uncommenting shipped example code.

The CheckPasswordExpiry method’s code needs to be uncommented.

As shipped it uses the IBM i’s password server via the CHECK_IBMI_SIGNON built-in function - https://docs.lansa.com/14/en/lansa015/i ... signon.htm so it requires the server mapper’s name and port to be configured (or hard coded) as mentioned before for password changing.

Finally the call to the CheckPasswordExpiry method made from method CheckUserCredentials needs to be uncommented so that it executes as the user logs on.

Re: VLF-ONE IBM i Change Password and Password Expiration

Posted: Mon Apr 29, 2019 11:41 am
by MarkD
Alternatively, you could just create your own server module that uses the CHECK_IBMI_SIGNON built-in function and code like the example shipped in UF_OLOGON as you like.

You could then arrange to call it after logon, or every 30 minutes on a timer (say), and present the expiry countdown details in a progressively more alarming and/or nagging manner (for example).

Re: VLF-ONE IBM i Change Password and Password Expiration

Posted: Mon Apr 29, 2019 11:51 am
by MarkD
It's possible that when you made your custom version of UF_OLOGON it was several VLF versions back, so it does not have the latest example code in it.

Attached is the latest GA version of UF_OLOGON.

Re: VLF-ONE IBM i Change Password and Password Expiration

Posted: Mon Apr 29, 2019 11:08 pm
by jyoung
Hey Mark,

Thanks for all the info!

Just to confirm, the "IBM i User Profile Management" group box only shows up if I have VLF-WIN checked. My assumption then is that this would not work for VLF-ONE, but you are saying that the VLF-WIN setting works for VLF-ONE?
Capture1.PNG
Capture1.PNG (21.91 KiB) Viewed 8784 times
Capture2.PNG
Capture2.PNG (50.98 KiB) Viewed 8784 times
Thanks,
Joe

Re: VLF-ONE IBM i Change Password and Password Expiration

Posted: Tue Apr 30, 2019 10:06 am
by MarkD
They should appear for VLF-ONE – that’s a defect we will fix.

Strictly you don’t have to use those values.

The checkbox makes #ApplyExtendedValidation true (highlighted) and the days to warn ends up in the #IssueWarning value (circled in red).
Capture1.PNG
Capture1.PNG (14.29 KiB) Viewed 8774 times

So you can just remove the # ApplyExtendedValidation check and hard code the number of days if you want, rather than set the framework properties.

Re: VLF-ONE IBM i Change Password and Password Expiration

Posted: Thu May 09, 2019 7:09 am
by jyoung
Works great.

Just one note, when you un-comment the code for the CheckPasswordExpiry, you will get an instant error on the #BIF_Password := #Password because the password passed into the method is a PRIM_DC.UnicodeString and the BIF_Password is char array.

To fix, all you have to do is use "AsNativeString" on the Password.

Code: Select all

#BIF_Password := #Password.AsNativeString
Thanks,
Joe