Previous Topic: How to Configure Password PoliciesNext Topic: Password Policy Troubleshooting

Policy Server GuidesPolicy Server Configuration GuidePassword PoliciesUser-initiated Password Changes

User-initiated Password Changes

User-initiated password changes allow end users to change their passwords without any intervention from an administrator. Users can elect to change their passwords by clicking a link to access the Password Change Request form.

Add a Change Password Link

To enable user-initiated password changes, the Policy Server administrator must add a Change Password link to an HTML page. For example, administrators might add this link to a login page so users can opt to change their password at login.

Note: For more information, see the Web Agent Configuration Guide.

Password Self-Changes

When users want to change their passwords they must:

  1. Click Change Password.

    The Administrative UI displays the Password Change Request form.

  2. Enter the requested information, then click the Change Password button.

    The Administrative UI displays another Password Change Information page, indicating that the user’s password has been changed.

Enable Password Change Failure Messages

By default, if a user enters incorrect information when changing a password, CA SiteMinder® returns a generic failure message. This message does not specify the failure reason.

You can change the default behavior and explicitly tell users why the change failed.

Follow these steps:

  1. Access the Policy Server host system and do one of the following:
    1. (Windows) Open the Registry Editor and navigate to HKEY_LOCAL_MACHINE\Software\Wow6432Node\Netegrity\SiteMinder\CurrentVersion\PolicyServer.
    2. (UNIX) Open the sm.registry file. The default location of this file is siteminder_home/registry.
      siteminder_home

      Specifies the Policy Server installation path.

  2. Create DisallowForceLogin using the following settings:

    KeyType: REG_DWORD

    Value: 0 or 1

    0

    (default) CA SiteMinder® returns a generic failure message. This behavior is consistent with the default CA SiteMinder® behavior.

    1

    CA SiteMinder® Returns an explicit failure reason.

    Note: A value other than 1 or 0 is not supported.

  3. Do one of the following:
  4. Restart the Policy Server.