VLF-ONE IBM i Change Password and Password Expiration (solved)

This Q&A forum allows users to post and respond to "How Do I Do ....." questions. Please do not use to report (suspected) errors - you must use your regional help desk for this. The information contained in this forum has not been validated by LANSA and, as such, LANSA cannot guarantee the accuracy of the information.
Post Reply
jyoung
Posts: 643
Joined: Thu Jan 21, 2016 6:43 am
Location: Oklahoma City, OK USA

VLF-ONE IBM i Change Password and Password Expiration (solved)

Post by jyoung » Sat Apr 27, 2019 1:40 am

In our framework we use a custom IIP to validate the user against the IBM i.
This IIP extends VF_AC027O, which we copied from the demo UF O_LOGON.

This component has methods to "ChangePassword" and "CheckPasswordExpiry". In the comments of those methods, it mentions that you have to allow the password to be changed and to see framework properties --> User administration settings.

Problem is, that went I go to those settings, it does not appear that those are available for VLF-ONE.

Question is then, how do I go about allowing the user to change their password in VLF-ONE and allow them to get a notification when their password is close to expiring?

Thanks,
Joe
Last edited by jyoung on Thu May 09, 2019 7:09 am, edited 1 time in total.

MarkD
Posts: 622
Joined: Wed Dec 02, 2015 9:56 am

Re: VLF-ONE IBM i Change Password and Password Expiration

Post by MarkD » Mon Apr 29, 2019 11:07 am

In your custom entry point web page (i.e. your version of shipped example UF_OEXEC) specify the identifier of the VF_AC027O based server component that will handle password changing. i.e Your custom version of the shipped UF_OLOGON.

For example:
#VLF_ONE.uInitialize Frameworkidentifer("VF_VLFONE_SYSTEM") Logonhandlerid(VF_AC026O) Passwordchangerid(UF_OLOGON) Mtxtloaderid(UF_OMULTI) Themecustomizerid("") Logonexpiry(90) Logonheaderpanelid(UF_OHEADP) Logontrailerpanelid(UF_OTRALP) Showrestartbutton(True) Usebadges(True) Materialdesigndefault(True) Usesidebarmenus(False) Usepaneltransitions(False)


A change password check box should then appear on the logon screen allowing users to change their passwords.


Your version of UF_OLOGON should have a default (but customizable) ChangePassword method something like this:

Code: Select all

Mthroutine Name(ChangePassword) Options(*REDEFINE *RETURNS_MESSAGES)
* ==== Logic for IBM i Servers ===
If (#IsIBMiWebServer)
* Map and convert some parameters to pass to the BIF ....
#BIF_UserProfile := #UserProfile
#BIF_OldPassword := #OldPassword.AsNativeString
#BIF_NewPassword := #NewPassword.AsNativeString
#HostPort := #ServerPort.AsNumber
* Attempt to change the password using the LANSA BIF ..................
Use Builtin(CHANGE_IBMI_SIGNON) With_Args(#ServerName N #BIF_UserProfile #BIF_OldPassword #BIF_NewPassword Y #HostPort) To_Get(#MajorReturnCode)
*
If (#MajorReturnCode <> OK)
#COM_OWNER.ConvertReturnCodetoMessage Tempreturncode(#MajorReturnCode)
#MajorReturnCode := ER
Else
Message Msgtxt(*Mtxtuf_PSW_CHGD)
#MajorReturnCode := OK
Endif
Else

* ==== WRITE YOUR OWN LOGIC FOR NON IBM i SERVERS ====
Endif
Return
Endroutine
It uses the standard CHANGE_IBMI_SIGNON built-in function to talk to your IBM I’s password server. https://docs.lansa.com/14/en/lansa015/i ... signon.htm

The IBM I’s host server name and port can be locally configured for VLF-ONE users by using the shipped administration component VF_CH009O.
It looks like this when executed and creates a configuration file on the server
Capture1.PNG
Capture1.PNG (18.99 KiB) Viewed 8821 times
Alternatively - just hard code your host name and port into your custom ChangePassword method.

MarkD
Posts: 622
Joined: Wed Dec 02, 2015 9:56 am

Re: VLF-ONE IBM i Change Password and Password Expiration

Post by MarkD » Mon Apr 29, 2019 11:36 am

To use password expiry checking, first turn on password expiry checking and set the number of days to warn in your framework’s definition.
Capture1.PNG
Capture1.PNG (4.66 KiB) Viewed 8819 times
Next, to actually warn users of an upcoming password expiry in VLF-ONE modify your customized version of the VF_AC027O based UF_OLOGON component.

The modification required should consist mostly of uncommenting shipped example code.

The CheckPasswordExpiry method’s code needs to be uncommented.

As shipped it uses the IBM i’s password server via the CHECK_IBMI_SIGNON built-in function - https://docs.lansa.com/14/en/lansa015/i ... signon.htm so it requires the server mapper’s name and port to be configured (or hard coded) as mentioned before for password changing.

Finally the call to the CheckPasswordExpiry method made from method CheckUserCredentials needs to be uncommented so that it executes as the user logs on.

MarkD
Posts: 622
Joined: Wed Dec 02, 2015 9:56 am

Re: VLF-ONE IBM i Change Password and Password Expiration

Post by MarkD » Mon Apr 29, 2019 11:41 am

Alternatively, you could just create your own server module that uses the CHECK_IBMI_SIGNON built-in function and code like the example shipped in UF_OLOGON as you like.

You could then arrange to call it after logon, or every 30 minutes on a timer (say), and present the expiry countdown details in a progressively more alarming and/or nagging manner (for example).

MarkD
Posts: 622
Joined: Wed Dec 02, 2015 9:56 am

Re: VLF-ONE IBM i Change Password and Password Expiration

Post by MarkD » Mon Apr 29, 2019 11:51 am

It's possible that when you made your custom version of UF_OLOGON it was several VLF versions back, so it does not have the latest example code in it.

Attached is the latest GA version of UF_OLOGON.
Attachments
UF_OLOGON.zip
(5.66 KiB) Downloaded 22 times

jyoung
Posts: 643
Joined: Thu Jan 21, 2016 6:43 am
Location: Oklahoma City, OK USA

Re: VLF-ONE IBM i Change Password and Password Expiration

Post by jyoung » Mon Apr 29, 2019 11:08 pm

Hey Mark,

Thanks for all the info!

Just to confirm, the "IBM i User Profile Management" group box only shows up if I have VLF-WIN checked. My assumption then is that this would not work for VLF-ONE, but you are saying that the VLF-WIN setting works for VLF-ONE?
Capture1.PNG
Capture1.PNG (21.91 KiB) Viewed 8803 times
Capture2.PNG
Capture2.PNG (50.98 KiB) Viewed 8803 times
Thanks,
Joe

MarkD
Posts: 622
Joined: Wed Dec 02, 2015 9:56 am

Re: VLF-ONE IBM i Change Password and Password Expiration

Post by MarkD » Tue Apr 30, 2019 10:06 am

They should appear for VLF-ONE – that’s a defect we will fix.

Strictly you don’t have to use those values.

The checkbox makes #ApplyExtendedValidation true (highlighted) and the days to warn ends up in the #IssueWarning value (circled in red).
Capture1.PNG
Capture1.PNG (14.29 KiB) Viewed 8793 times

So you can just remove the # ApplyExtendedValidation check and hard code the number of days if you want, rather than set the framework properties.

jyoung
Posts: 643
Joined: Thu Jan 21, 2016 6:43 am
Location: Oklahoma City, OK USA

Re: VLF-ONE IBM i Change Password and Password Expiration

Post by jyoung » Thu May 09, 2019 7:09 am

Works great.

Just one note, when you un-comment the code for the CheckPasswordExpiry, you will get an instant error on the #BIF_Password := #Password because the password passed into the method is a PRIM_DC.UnicodeString and the BIF_Password is char array.

To fix, all you have to do is use "AsNativeString" on the Password.

Code: Select all

#BIF_Password := #Password.AsNativeString
Thanks,
Joe

Post Reply