
Bypassing the External Systems Error Screen in Luminis

Submitted by Brian Ferris on Mon, 04/10/2006 - 10:23

If you have EAS (External Authentication Service) configured in Luminis, and you change your password in the external system, Luminis will give you an error screen telling you it doesn't match the password that it has on record.

Jon Wheat pointed out recently that since Luminis performs the password comparison in a case-sensitive manner, it will give you this screen if the password doesn't match casewise (even if your external system is case-insensitive).

The screen gives you a chance to 'recover secrets'. What this means is that Luminis has encrypted the credentials you use to access other systems through the portal with your Luminis password. Now it has to recover those encrypted credentials and re-encrypt them with your new password.

To most users this is less than clear, and worse yet, often confusing. Here's how to automate the 'recovery of secrets'. We replaced the file $CP_ROOT/webapps/luminis/WEB-INF/templates/portal/sync_eas_password.thtml with:

<TEMPLATE "sync eas password"/><HTML>
<HEAD><TITLE>External Password Mismatch</TITLE>
<META HTTP-EQUIV="Refresh" CONTENT="0; URL=https://my.school.edu/cp/home/login/auth/sub?op=syncpw&recover=1&skip=true">
</HEAD>
</HTML>

We basically pass the user along to the recovery process and also resynchronize their EAS credentials with the credentials stored in the secret store.

NOTE Added 5/21/2007: This doesn't seem to work in Luminis IV. Please see this article for the IV version of doing this.
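
The re-encryption behind 'recover secrets', and why skipping the old-password prompt depends on a recovery agent, as an added example that is not part of the original post and is not Luminis code. It is a generic model: the credentials are sealed under a password-derived key and a copy of that key is escrowed for a recovery agent. `SecretStore`, `sync_password`, the HMAC-based cipher (a standard-library stand-in for a real AEAD) and all sample values are assumptions.

```python
import hashlib, hmac, os

def kdf(password: str, salt: bytes) -> bytes:
    """Password-derived key that protects the stored credentials."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def _mac(key: bytes, label: bytes, data: bytes) -> bytes:
    return hmac.new(key, label + data, hashlib.sha256).digest()

def _xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Stdlib-only stand-in for a real AEAD cipher: HMAC-SHA256 keystream.
    enc_key = _mac(key, b"enc", b"")
    blocks = (len(data) + 31) // 32
    stream = b"".join(_mac(enc_key, nonce, i.to_bytes(4, "big")) for i in range(blocks))
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(key: bytes, plaintext: bytes) -> bytes:
    nonce = os.urandom(16)
    ct = _xor(key, nonce, plaintext)
    return nonce + ct + _mac(_mac(key, b"mac", b""), nonce, ct)

def unseal(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _mac(_mac(key, b"mac", b""), nonce, ct)):
        raise ValueError("key does not match stored secrets")
    return _xor(key, nonce, ct)

class SecretStore:
    """Hypothetical model: credentials sealed under the portal password."""
    def __init__(self, password, secrets, agent_key=None):
        self.salt, self.agent_key = os.urandom(16), agent_key
        self._wrap(password, secrets)

    def _wrap(self, password, secrets):
        key = kdf(password, self.salt)
        self.blob = seal(key, secrets)
        # Escrow copy of the key, readable only by the recovery agent.
        self.escrow = seal(self.agent_key, key) if self.agent_key else None

    def open(self, password):
        return unseal(kdf(password, self.salt), self.blob)

    def sync_password(self, new_password, old_password=None):
        """Re-encrypt the credentials after an external password change."""
        if old_password is not None:          # manual 'recover secrets'
            secrets = self.open(old_password)
        elif self.escrow is not None:         # automatic recovery
            secrets = unseal(unseal(self.agent_key, self.escrow), self.blob)
        else:
            raise PermissionError("no recovery agent: old password required")
        self._wrap(new_password, secrets)
```

In this model a password that differs only in case derives a different key, so `open` fails exactly as the mismatch screen does, and `sync_password` without the old password succeeds only when an escrow copy exists.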


Comments

Yup. We did something similar. Remember that you need to have the auto recover secret store thingy enabled in order to recover users' secret store entries without them entering their old password.

This screen is definitely confusing and it's very nice to bypass it!

According to the SungardHE Support Center the secretstore must be configured with one backup recovery agent before using the new "sync_eas_password.thtml".

RN-387 states: "Important: Before using this template, please make sure the secretstore has been configured with one backup recovery agent, as follows:

cptool configure secretstore -ar=1 system"

We spent a lot of effort to reword this screen, and we now just offer the "Continue" or "Cancel" buttons. There is no longer any option for the user to supply their old password as we have auto secret store recovery set.

There are lots of other "error/information" pages which we do not like the wording for, but it is not practical to update all of these.

Derek

I've just put this in place on my test server.

It works just fine when I use Internet Explorer, however it doesn't work when I use Firefox (2.0.0.6).

I get the "Access Denied" page.

Has anyone else had this problem and hopefully found a solution?

I'm running on Solaris at version 3.3.3.79.