The Forgotten Password Services (FPS) component of APS is essentially a finite state machine (FSM). An FSM is a standard software construct that makes decisions based on a finite number of states and the transition conditions between those states.
FPS defines the following states:
| State | Condition | Terminal State? |
|---|---|---|
| 0 | Initial Entry | No |
| 10 | Identify Form | No |
| 11 | Display Missing Form | No |
| 12 | More than one user found | No |
| 13 | No user found | Yes |
| 14 | User is disabled | Yes |
| 15 | Too recent success | Yes |
| 16 | Too recent attempt | Yes |
| 17 | Failure Count (Lockout) | Yes |
| 18 | Missing required data from LDAP | Yes |
| 20 | Display Verify Form | No |
| 21 | Missing/Invalid data from Verify form | No |
| 22 | Retry verify form | No |
| 30 | Change Password form | No |
| 31 | Change Password invalid | No |
| 80 | Display confirmation form | Yes |
| 90 | Error | Yes |
| 91 | Incorrect verification | Yes |
| 92 | Timeout | Yes |
| 99 | Error state (internal errors) | Yes |
Only states ending in zero are external states, that is, states that exist whenever FPS is invoked. FPS can then convert to an internal state, resulting in a redirection that is, for all intents and purposes, equal to another external state.
The state transitions are defined as:
| Enter | To | Exit | Cause |
|---|---|---|---|
| 0 | 10 | 10 | Initial entry |
| 0 | 99 | 90 | Identify form not configured |
| 10 | 11 | 10 | Invalid/missing data |
| 10 | 12 | 10 | More than one user found |
| 10 | 13 | 90 | No user found |
| 10 | 14 | 90 | User is disabled |
| 10 | 15 | 90 | Too recent success |
| 10 | 16 | 90 | Too recent attempt |
| 10 | 17 | 90 | Lockout count exceeded |
| 10 | 18 | 90 | Insufficient/missing data from LDAP |
| 10 | 20 | 20 | User identified, verify form defined |
| 10 | 80 | 80 | User identified, no verify form |
| 10 | 99 | 90 | Unconfigured fields posted |
| 20 | 21 | 20 | Invalid/missing data posted |
| 20 | 22 | 20 | Verification failed, retry defined |
| 20 | 30 | 30 | Verification successful, change next |
| 20 | 80 | 80 | Verification successful, no change |
| 20 | 91 | 90 | Verification failed |
| 20 | 92 | 90 | User did not answer in time |
| 20 | 99 | 90 | Unconfigured fields posted |
| 30 | 80 | 80 | Password change successful |
| 30 | 31 | 30 | Password change failed |
Whenever Forgot (Forgot.exe on Windows NT) is executed, it communicates with the SmAPS library on the SiteMinder server. All logic is actually contained in the SmAPS library; Forgot is merely a communications stub. Basically, the only logic in Forgot is for handling communications errors.
FPS first determines the initial state. This will always be one of the external states (number ending in zero). This is done using the referrer (the page that sent the user to Forgot) and cookies.
Once the initial state is determined, FPS can determine what the expected POST data is supposed to be (if any), validate it, and determine the next state. It can then determine the next place that the user is to be redirected and whatever setup is required for that page.
If debugging is turned on (using the DEBUG statement in the SmPortal.cfg file and the DEBUG setting in the FPS configuration file), state changes are recorded in the log. Problems can often be diagnosed using this information.
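The following added example (not CA code) encodes the transition table above as data and checks a session's recorded state changes against it, flagging any step that is not a listed transition or that starts somewhere other than where the previous step exited, such as reaching the Change Password form without passing the Verify form. The `(enter, to, exit)` tuple format, the function names and the sample traces are assumptions; the page does not show the FPS log format.

```python
# FPS transition table from the page: (enter, to) -> exit.
TRANSITIONS = {
    (0, 10): 10, (0, 99): 90,
    (10, 11): 10, (10, 12): 10, (10, 13): 90, (10, 14): 90, (10, 15): 90,
    (10, 16): 90, (10, 17): 90, (10, 18): 90, (10, 20): 20, (10, 80): 80,
    (10, 99): 90,
    (20, 21): 20, (20, 22): 20, (20, 30): 30, (20, 80): 80, (20, 91): 90,
    (20, 92): 90, (20, 99): 90,
    (30, 80): 80, (30, 31): 30,
}
# States marked "Yes" under "Terminal State?" in the state table.
TERMINAL = {13, 14, 15, 16, 17, 18, 80, 90, 91, 92, 99}


def expected_exit(enter, to):
    """Exit state implied by the tables (rule inferred from them, not stated)."""
    if to % 10 == 0:        # external state: exit equals the target
        return to
    if to in TERMINAL:      # internal terminal state: exits as Error (90)
        return 90
    return enter            # internal non-terminal state: back to the same form


def table_inconsistencies():
    """Listed transitions whose exit differs from the inferred rule."""
    return [(e, t) for (e, t), x in TRANSITIONS.items()
            if expected_exit(e, t) != x]


def check_trace(trace):
    """Check one session's (enter, to, exit) records, in order.

    Returns (index, message) findings; an empty list means every step is a
    listed transition and begins at the state the previous step exited to.
    """
    findings = []
    current = 0                       # a session starts at Initial Entry
    for i, (enter, to, exit_) in enumerate(trace):
        if enter != current:
            findings.append((i, f"entered {enter}, expected {current}"))
        if TRANSITIONS.get((enter, to)) != exit_:
            findings.append((i, f"{enter}->{to}->{exit_} not in table"))
        current = exit_
    return findings


# Constructed sample traces (not real FPS log data).
GOOD = [(0, 10, 10), (10, 11, 10), (10, 20, 20), (20, 22, 20),
        (20, 30, 30), (30, 31, 30), (30, 80, 80)]
SKIPPED_VERIFY = [(0, 10, 10), (10, 20, 20), (30, 80, 80)]
```

An empty result from `table_inconsistencies()` confirms that every listed exit state follows the inferred rule; `check_trace(SKIPPED_VERIFY)` reports the step that entered state 30 while the session was still at state 20.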
Copyright © 2014 CA.
All rights reserved.