VLF-ONE IBM i Change Password and Password Expiration (solved)
VLF-ONE IBM i Change Password and Password Expiration (solved)
In our framework we use a custom IIP to validate the user against the IBM i.
This IIP extends VF_AC027O, which we copied from the demo UF O_LOGON.
This component has methods to "ChangePassword" and "CheckPasswordExpiry". In the comments of those methods, it mentions that you have to allow the password to be changed and to see framework properties --> User administration settings.
Problem is, that went I go to those settings, it does not appear that those are available for VLF-ONE.
Question is then, how do I go about allowing the user to change their password in VLF-ONE and allow them to get a notification when their password is close to expiring?
Thanks,
Joe
This IIP extends VF_AC027O, which we copied from the demo UF O_LOGON.
This component has methods to "ChangePassword" and "CheckPasswordExpiry". In the comments of those methods, it mentions that you have to allow the password to be changed and to see framework properties --> User administration settings.
Problem is, that went I go to those settings, it does not appear that those are available for VLF-ONE.
Question is then, how do I go about allowing the user to change their password in VLF-ONE and allow them to get a notification when their password is close to expiring?
Thanks,
Joe
Last edited by jyoung on Thu May 09, 2019 7:09 am, edited 1 time in total.
Re: VLF-ONE IBM i Change Password and Password Expiration
In your custom entry point web page (i.e. your version of shipped example UF_OEXEC) specify the identifier of the VF_AC027O based server component that will handle password changing. i.e Your custom version of the shipped UF_OLOGON.
For example:
#VLF_ONE.uInitialize Frameworkidentifer("VF_VLFONE_SYSTEM") Logonhandlerid(VF_AC026O) Passwordchangerid(UF_OLOGON) Mtxtloaderid(UF_OMULTI) Themecustomizerid("") Logonexpiry(90) Logonheaderpanelid(UF_OHEADP) Logontrailerpanelid(UF_OTRALP) Showrestartbutton(True) Usebadges(True) Materialdesigndefault(True) Usesidebarmenus(False) Usepaneltransitions(False)
A change password check box should then appear on the logon screen allowing users to change their passwords.
Your version of UF_OLOGON should have a default (but customizable) ChangePassword method something like this:
It uses the standard CHANGE_IBMI_SIGNON built-in function to talk to your IBM I’s password server. https://docs.lansa.com/14/en/lansa015/i ... signon.htm
The IBM I’s host server name and port can be locally configured for VLF-ONE users by using the shipped administration component VF_CH009O.
It looks like this when executed and creates a configuration file on the server
Alternatively - just hard code your host name and port into your custom ChangePassword method.
For example:
#VLF_ONE.uInitialize Frameworkidentifer("VF_VLFONE_SYSTEM") Logonhandlerid(VF_AC026O) Passwordchangerid(UF_OLOGON) Mtxtloaderid(UF_OMULTI) Themecustomizerid("") Logonexpiry(90) Logonheaderpanelid(UF_OHEADP) Logontrailerpanelid(UF_OTRALP) Showrestartbutton(True) Usebadges(True) Materialdesigndefault(True) Usesidebarmenus(False) Usepaneltransitions(False)
A change password check box should then appear on the logon screen allowing users to change their passwords.
Your version of UF_OLOGON should have a default (but customizable) ChangePassword method something like this:
Code: Select all
Mthroutine Name(ChangePassword) Options(*REDEFINE *RETURNS_MESSAGES)
* ==== Logic for IBM i Servers ===
If (#IsIBMiWebServer)
* Map and convert some parameters to pass to the BIF ....
#BIF_UserProfile := #UserProfile
#BIF_OldPassword := #OldPassword.AsNativeString
#BIF_NewPassword := #NewPassword.AsNativeString
#HostPort := #ServerPort.AsNumber
* Attempt to change the password using the LANSA BIF ..................
Use Builtin(CHANGE_IBMI_SIGNON) With_Args(#ServerName N #BIF_UserProfile #BIF_OldPassword #BIF_NewPassword Y #HostPort) To_Get(#MajorReturnCode)
*
If (#MajorReturnCode <> OK)
#COM_OWNER.ConvertReturnCodetoMessage Tempreturncode(#MajorReturnCode)
#MajorReturnCode := ER
Else
Message Msgtxt(*Mtxtuf_PSW_CHGD)
#MajorReturnCode := OK
Endif
Else
* ==== WRITE YOUR OWN LOGIC FOR NON IBM i SERVERS ====
Endif
Return
Endroutine
The IBM I’s host server name and port can be locally configured for VLF-ONE users by using the shipped administration component VF_CH009O.
It looks like this when executed and creates a configuration file on the server
Alternatively - just hard code your host name and port into your custom ChangePassword method.
Re: VLF-ONE IBM i Change Password and Password Expiration
To use password expiry checking, first turn on password expiry checking and set the number of days to warn in your framework’s definition.
Next, to actually warn users of an upcoming password expiry in VLF-ONE modify your customized version of the VF_AC027O based UF_OLOGON component.
The modification required should consist mostly of uncommenting shipped example code.
The CheckPasswordExpiry method’s code needs to be uncommented.
As shipped it uses the IBM i’s password server via the CHECK_IBMI_SIGNON built-in function - https://docs.lansa.com/14/en/lansa015/i ... signon.htm so it requires the server mapper’s name and port to be configured (or hard coded) as mentioned before for password changing.
Finally the call to the CheckPasswordExpiry method made from method CheckUserCredentials needs to be uncommented so that it executes as the user logs on.
Next, to actually warn users of an upcoming password expiry in VLF-ONE modify your customized version of the VF_AC027O based UF_OLOGON component.
The modification required should consist mostly of uncommenting shipped example code.
The CheckPasswordExpiry method’s code needs to be uncommented.
As shipped it uses the IBM i’s password server via the CHECK_IBMI_SIGNON built-in function - https://docs.lansa.com/14/en/lansa015/i ... signon.htm so it requires the server mapper’s name and port to be configured (or hard coded) as mentioned before for password changing.
Finally the call to the CheckPasswordExpiry method made from method CheckUserCredentials needs to be uncommented so that it executes as the user logs on.
Re: VLF-ONE IBM i Change Password and Password Expiration
Alternatively, you could just create your own server module that uses the CHECK_IBMI_SIGNON built-in function and code like the example shipped in UF_OLOGON as you like.
You could then arrange to call it after logon, or every 30 minutes on a timer (say), and present the expiry countdown details in a progressively more alarming and/or nagging manner (for example).
You could then arrange to call it after logon, or every 30 minutes on a timer (say), and present the expiry countdown details in a progressively more alarming and/or nagging manner (for example).
Re: VLF-ONE IBM i Change Password and Password Expiration
It's possible that when you made your custom version of UF_OLOGON it was several VLF versions back, so it does not have the latest example code in it.
Attached is the latest GA version of UF_OLOGON.
Attached is the latest GA version of UF_OLOGON.
- Attachments
-
- UF_OLOGON.zip
- (5.66 KiB) Downloaded 26 times
Re: VLF-ONE IBM i Change Password and Password Expiration
Hey Mark,
Thanks for all the info!
Just to confirm, the "IBM i User Profile Management" group box only shows up if I have VLF-WIN checked. My assumption then is that this would not work for VLF-ONE, but you are saying that the VLF-WIN setting works for VLF-ONE?
Thanks,
Joe
Thanks for all the info!
Just to confirm, the "IBM i User Profile Management" group box only shows up if I have VLF-WIN checked. My assumption then is that this would not work for VLF-ONE, but you are saying that the VLF-WIN setting works for VLF-ONE?
Thanks,
Joe
Re: VLF-ONE IBM i Change Password and Password Expiration
They should appear for VLF-ONE – that’s a defect we will fix.
Strictly you don’t have to use those values.
The checkbox makes #ApplyExtendedValidation true (highlighted) and the days to warn ends up in the #IssueWarning value (circled in red).
So you can just remove the # ApplyExtendedValidation check and hard code the number of days if you want, rather than set the framework properties.
Strictly you don’t have to use those values.
The checkbox makes #ApplyExtendedValidation true (highlighted) and the days to warn ends up in the #IssueWarning value (circled in red).
So you can just remove the # ApplyExtendedValidation check and hard code the number of days if you want, rather than set the framework properties.
Re: VLF-ONE IBM i Change Password and Password Expiration
Works great.
Just one note, when you un-comment the code for the CheckPasswordExpiry, you will get an instant error on the #BIF_Password := #Password because the password passed into the method is a PRIM_DC.UnicodeString and the BIF_Password is char array.
To fix, all you have to do is use "AsNativeString" on the Password.
Thanks,
Joe
Just one note, when you un-comment the code for the CheckPasswordExpiry, you will get an instant error on the #BIF_Password := #Password because the password passed into the method is a PRIM_DC.UnicodeString and the BIF_Password is char array.
To fix, all you have to do is use "AsNativeString" on the Password.
Code: Select all
#BIF_Password := #Password.AsNativeString
Joe