VLF-ONE IBM i Change Password and Password Expiration (solved)

[jyoung]

In our framework we use a custom IIP to validate the user against the IBM i.
This IIP extends VF_AC027O, which we copied from the demo UF O_LOGON.

This component has methods to "ChangePassword" and "CheckPasswordExpiry". In the comments of those methods, it mentions that you have to allow the password to be changed and to see framework properties --> User administration settings.

Problem is, that went I go to those settings, it does not appear that those are available for VLF-ONE.

Question is then, how do I go about allowing the user to change their password in VLF-ONE and allow them to get a notification when their password is close to expiring?

Thanks,
Joe

[MarkD]

In your custom entry point web page (i.e. your version of shipped example UF_OEXEC) specify the identifier of the VF_AC027O based server component that will handle password changing. i.e Your custom version of the shipped UF_OLOGON.

For example:
#VLF_ONE.uInitialize Frameworkidentifer("VF_VLFONE_SYSTEM") Logonhandlerid(VF_AC026O) Passwordchangerid(UF_OLOGON) Mtxtloaderid(UF_OMULTI) Themecustomizerid("") Logonexpiry(90) Logonheaderpanelid(UF_OHEADP) Logontrailerpanelid(UF_OTRALP) Showrestartbutton(True) Usebadges(True) Materialdesigndefault(True) Usesidebarmenus(False) Usepaneltransitions(False)


A change password check box should then appear on the logon screen allowing users to change their passwords.


Your version of UF_OLOGON should have a default (but customizable) ChangePassword method something like this:

Code: Select all

Mthroutine Name(ChangePassword) Options(*REDEFINE *RETURNS_MESSAGES)
* ==== Logic for IBM i Servers ===
If (#IsIBMiWebServer)
* Map and convert some parameters to pass to the BIF ....
#BIF_UserProfile := #UserProfile
#BIF_OldPassword := #OldPassword.AsNativeString
#BIF_NewPassword := #NewPassword.AsNativeString
#HostPort := #ServerPort.AsNumber
* Attempt to change the password using the LANSA BIF ..................
Use Builtin(CHANGE_IBMI_SIGNON) With_Args(#ServerName N #BIF_UserProfile #BIF_OldPassword #BIF_NewPassword Y #HostPort) To_Get(#MajorReturnCode)
*
If (#MajorReturnCode <> OK)
#COM_OWNER.ConvertReturnCodetoMessage Tempreturncode(#MajorReturnCode)
#MajorReturnCode := ER
Else
Message Msgtxt(*Mtxtuf_PSW_CHGD)
#MajorReturnCode := OK
Endif
Else

* ==== WRITE YOUR OWN LOGIC FOR NON IBM i SERVERS ====
Endif
Return
Endroutine

It uses the standard CHANGE_IBMI_SIGNON built-in function to talk to your IBM I’s password server. https://docs.lansa.com/14/en/lansa015/i ... signon.htm

The IBM I’s host server name and port can be locally configured for VLF-ONE users by using the shipped administration component VF_CH009O.
It looks like this when executed and creates a configuration file on the server

Capture1.PNG (18.99 KiB) Viewed 8830 times

Alternatively - just hard code your host name and port into your custom ChangePassword method.

[MarkD]

To use password expiry checking, first turn on password expiry checking and set the number of days to warn in your framework’s definition.

Capture1.PNG (4.66 KiB) Viewed 8828 times

Next, to actually warn users of an upcoming password expiry in VLF-ONE modify your customized version of the VF_AC027O based UF_OLOGON component.

The modification required should consist mostly of uncommenting shipped example code.

The CheckPasswordExpiry method’s code needs to be uncommented.

As shipped it uses the IBM i’s password server via the CHECK_IBMI_SIGNON built-in function - https://docs.lansa.com/14/en/lansa015/i ... signon.htm so it requires the server mapper’s name and port to be configured (or hard coded) as mentioned before for password changing.

Finally the call to the CheckPasswordExpiry method made from method CheckUserCredentials needs to be uncommented so that it executes as the user logs on.

[MarkD]

Alternatively, you could just create your own server module that uses the CHECK_IBMI_SIGNON built-in function and code like the example shipped in UF_OLOGON as you like.

You could then arrange to call it after logon, or every 30 minutes on a timer (say), and present the expiry countdown details in a progressively more alarming and/or nagging manner (for example).

[MarkD]

It's possible that when you made your custom version of UF_OLOGON it was several VLF versions back, so it does not have the latest example code in it.

Attached is the latest GA version of UF_OLOGON.

[jyoung]

Hey Mark,

Thanks for all the info!

Just to confirm, the "IBM i User Profile Management" group box only shows up if I have VLF-WIN checked. My assumption then is that this would not work for VLF-ONE, but you are saying that the VLF-WIN setting works for VLF-ONE?

Capture1.PNG (21.91 KiB) Viewed 8812 times

Capture2.PNG (50.98 KiB) Viewed 8812 times

Thanks,
Joe

[MarkD]

They should appear for VLF-ONE – that’s a defect we will fix.

Strictly you don’t have to use those values.

The checkbox makes #ApplyExtendedValidation true (highlighted) and the days to warn ends up in the #IssueWarning value (circled in red).

Capture1.PNG (14.29 KiB) Viewed 8802 times

So you can just remove the # ApplyExtendedValidation check and hard code the number of days if you want, rather than set the framework properties.

[jyoung]

Works great.

Just one note, when you un-comment the code for the CheckPasswordExpiry, you will get an instant error on the #BIF_Password := #Password because the password passed into the method is a PRIM_DC.UnicodeString and the BIF_Password is char array.

To fix, all you have to do is use "AsNativeString" on the Password.

Code: Select all

#BIF_Password := #Password.AsNativeString

Thanks,
Joe