Skip to main content

A user of the web GUI wants to create a new password for his user account. The authentication methode is “IAM” and login verification is set to “Password” in IAM. Because we host the application on our IIS for multiple customers, we are the administrator of IAM for these customers.

I know I can set a new password in IAM myself, but I do not want to know the users password. So I want to let him change the password himself.

The settings “Allow change” in IAM is set to “True”  and Expires is set to “Change after login”. The user is able to set a new password in the following form:

 

After changing the password, the following message appears:

So far so good. But when trying to login with the new password, I get an error:

But the user can login with his original password, so the change/update did not work!

Same problem when trying to reset the password via the option “Change password” in the blue tab.

 

 

The Application Pool user has owner rights on the database, so that should not be the problem.

Am I doing something wrong, or is this a bug?

Johan,

When using IAM Authentication, I always set the password to change before login. You could give that a try.

I tried that as well, but then I get the error "Reset password is not activated”.

 

I really would like to know why both options do not work.

I'm not sure whether the following ini parameter is still required or not. You could give it a try. Add the following parameter to your configuration:

AllowResetPassword = Yes

You could try adding this parameter to your IAM Global Configuration. If that does not work, you could also try adding this parameter (and it's value) to your settings.ini within the WebGUI.

I already added that setting in a different place in IAM: “Inrichting | Applicaties | Uitgebreide eigenschappen”. But I added it as well in the default configuration (IAM Global Configuration). This did not not help.

Adding the setting "AllowResetPassword = Yes” in the setting.ini changed something, because now I get the following screen.

 

But after clicking on the button “Volgende” I got the message "Wachtwoord instellen is niet toegestaan voor deze gebruiker”. 

 

What is this “validatie code”?

 

The password settings for the user are (still):

The option “Wachtwoord wijzigen” is available in the blue tab though. So why is it not possible to change the password? It just does not save it!

Hi Johan,

When the password has to be changed without having to enter the password at any time, the system will attempt to send an email with a verification token.

After all, the system cannot trust someone who doesn't have the password.

This will fail when the user has no email registered in IAM ór when the Web GUI has no SMTP settings configured. More info on configuring the SMTP client for the Web GUI here.

Regarding the failed password change of the initial post - Make sure you are on the most recent version of the Web GUI.

Version 2019.2.16 of the Web GUI resolved an issue where changing the password would have no effect, just as described in this topic.

Thanks Anne, updating the web GUI from 2019.2.14 to 2019.2.17 solved this issue. The information about the forgot password link and how to configure a SMTP client was also very helpful!

Reply


Terms & ConditionsCookie settings