Change CA SSO User Password Assertion

The Change CA Single Sign-On User Password assertion lets you change a user's password in the CA SSO user directory.
Using the Assertion
  1. Do one of the following:
    • To add the assertion to the Policy Development window, access the Assertions tab, Policy Assertions, Access Control Assertions, and drag and drop the Change CA Single Sign-On User Password assertion into the policy development window.
    • To change the configuration of an existing assertion, proceed to step 2 below.
  2. When adding the assertion, the Change CA Single Sign-On User Password Properties automatically appear; when modifying the assertion, right-click Change CA Single Sign-On User Password in the policy window and select Change CA Single Sign-On User Password Properties or double-click the assertion in the policy development window. The assertion properties are displayed.
  3. Configure the properties as follows (setting, then description):
    • Configuration Name: Specifies the CA Single Sign-On Configuration to use. This configuration is defined using the Manage CA Single Sign-On Configurations task.
    • Domain Object ID: Specifies the object ID of the domain. This value can be set to ${<prefix>.smcontext.realmdef.domoid}, which is set by the Check Protected Resource Against CA Single Sign-On Assertion.
    • Username: Specifies the username.
    • Old Password: Specifies the old password.
    • New Password: Specifies the new password.
  4. Click OK.
Context Variable
If the assertion fails to change the user's password, it sets the following context variable:
    • reasonCode (type: integer): Specifies the change password failure reason code that is returned from CA SSO.
The reasonCode context variable is set only if the SmDmsUser#changePassword(String newPassword, String oldPassword, boolean doNotRequireOldPassword) method in the DMS API fails. If the assertion fails for any other reason (that is, it cannot connect to CA Policy Server, it cannot find the user in the user directory, and so on), the reasonCode context variable is not set.