000025221 - RSA ClearTrust user challenged for credentials after changing password

Document created by RSA Customer Support Employee on Jun 16, 2016. Last modified by RSA Customer Support Employee on Apr 21, 2017. Version 4.

Article Content

Article Number: 000025221
Applies To: RSA ClearTrust
Issue: RSA ClearTrust user challenged for credentials after changing password
After authenticating, the user is directed to the password change application; after changing the password, the user is challenged again even though they have already authenticated.
Cause: When a user is challenged to authenticate and receives a "password expired" response, they can be directed through a password changing mechanism. After successfully changing their password, they can be redirected to the original protected URI (see the solution regarding URI retention with password change custom code in RSA ClearTrust for more information), but in the normal case the user will be challenged again, because the first authentication attempt did not succeed and no session was established.
Resolution: After the user successfully changes their password, there are two methods available for invisibly authenticating them before redirecting them to their original URI:

1. Using the runtime API, the password change code can authenticate the user with the new password and obtain the token, returning it to the client as a CTSESSION cookie so that, on redirection to the retained URI, the agent accepts the user as already authenticated.

2. After successfully changing their password, the user can be redirected to the login page with their username and (new) password by the POST method, identically to how their credentials would be submitted after entering them in the logon page. The user will be authenticated and, if URI retention is enabled, redirected. Note that the form parameters must be identical to what the logon form expects (which can be checked in the source code of the logon page), and if URI retention is handled by querystring, the retained URI must also be submitted as a querystring to the logon page.
Legacy Article ID: a25448
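The following is an added example of method 2, not code from RSA or from this article: it builds the response that the password change application would serve after a successful change, so that the browser immediately POSTs the username and new password to the logon page in the same shape the logon form would. The logon URL, the field names `user` and `password` and the querystring parameter `CT_ORIG_URI` are assumptions for illustration; as the article says, the real names must be taken from the logon page source. The check that the retained URI is a site-relative path is an added safeguard, not something the article describes.

```python
"""Added example (not RSA code): auto-submitting re-login POST after a password change.

Assumed, not taken from the article: the logon form posts to LOGIN_URL with
fields named "user" and "password", and querystring URI retention uses a
parameter named "CT_ORIG_URI". Verify all three against the logon page source.
"""
import html
from urllib.parse import urlencode, urlsplit

LOGIN_URL = "https://sso.example.com/cleartrust/ct_logon.html"  # assumed logon page
USER_FIELD = "user"                  # assumed; must match the logon form exactly
PASSWORD_FIELD = "password"          # assumed; must match the logon form exactly
RETAINED_URI_PARAM = "CT_ORIG_URI"   # assumed querystring parameter for URI retention


def is_safe_retained_uri(uri):
    """Added safeguard: accept only a site-relative path (no scheme, no host),
    so a value carried through the password-change flow can only send the
    user back into this site."""
    if not uri or not uri.startswith("/") or uri.startswith("//"):
        return False
    parts = urlsplit(uri)
    return parts.scheme == "" and parts.netloc == ""


def logon_target(retained_uri=None):
    """Logon URL with the retained URI re-attached as a querystring, which is
    required when URI retention is querystring based."""
    if retained_uri is None:
        return LOGIN_URL
    if not is_safe_retained_uri(retained_uri):
        raise ValueError("retained URI must be a site-relative path")
    return LOGIN_URL + "?" + urlencode({RETAINED_URI_PARAM: retained_uri})


def relogin_response(username, new_password, retained_uri=None):
    """Response served right after the password change succeeds.

    The hidden form carries exactly the parameters the logon form would send,
    and the script submits it on load so the user never sees a second
    challenge. Returns {"headers": ..., "body": ...}.
    """
    action = html.escape(logon_target(retained_uri), quote=True)
    hidden = "".join(
        '<input type="hidden" name="%s" value="%s">'
        % (html.escape(name, quote=True), html.escape(value, quote=True))
        for name, value in ((USER_FIELD, username), (PASSWORD_FIELD, new_password))
    )
    body = (
        "<!DOCTYPE html><html><head><title>Signing in</title></head>"
        '<body onload="document.forms[0].submit()">'
        '<form method="POST" action="%s">%s'
        "<noscript><button type=\"submit\">Continue</button></noscript>"
        "</form></body></html>" % (action, hidden)
    )
    # The body contains the new password, so it must never be cached.
    headers = {
        "Content-Type": "text/html; charset=utf-8",
        "Cache-Control": "no-store",
        "Pragma": "no-cache",
    }
    return {"headers": headers, "body": body}


if __name__ == "__main__":
    # Constructed sample values for a local run
    print(relogin_response("alice", "N3w-Passw0rd", "/apps/payroll/")["body"])
```

Serve the returned body only over HTTPS and with the `Cache-Control: no-store` header shown, since the page carries the cleartext password. If URI retention is cookie based rather than querystring based, call `relogin_response` without `retained_uri`; the agent then redirects from its own retained value.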
