(based on Novell Identity Manager 3.5.1)

PS: we have not found any differences in 3.6.1

The Client Login Extension for Novell® Identity Manager 3.5.1 and later facilitates password self-service by adding a link to the Novell and Microsoft* GINA login clients. When users click the Forgot Password link in their login client, the Client Login Extension launches a restricted browser to access the a Application Password Self-Service feature. This feature assists in reducing help desk calls from people who forgot their passwords.

Running the Client Login Extension Configuration utility for Novell Identity Manager configures the Client Login Extension MSI file, which you then install on client workstations running the Novell Client™ software or the Microsoft GINA. The Client Login Extension works on Windows* XP and Windows 2000 workstations.

The Client Login Extension MSI files come in a number of different languages. You must configure the Client Login Extension file for each language, including English, before it can be used.

The Client Login Extension Configuration utility allows the system administrator to specify the following configuration information for the Client Login Extension MSI file:

• You can set the URL for password self services.
• For the Microsoft GINA client, you can include text (such as “Forgotten Password”) for the link to the password self-services.

NOTE:The Client Login Extension for Novell Identity Manager works with the native Microsoft GINA and the Novell Client 4.91 SP3 or later. It does not work with any application that alters the Microsoft GINA, except the Novell Client 4.91 SP3 or later. The Client Login Extension has been tested, and is to be used, on licensed Novell Identity Manager 3.5 systems.

Preparing to Run the Client Login Extension#

Before running the Client Login Extension, you must have a working Identity Manager 3.5 system and have the User Application or your own application configured correctly to enable the Password Self-Service feature.

In order to have the Password Self-Service feature enabled, you need to perform at least the following:

• Enable Universal Password
• Create a password policy or select an existing password policy
• Enable and configure the Forgotten Password option
• Assign the password policy to the appropriate users, groups, or container
• Enable SSL

You initially set up the Password Self-Service feature through iManager by using the Passwords > Password Policies > Forgotten Password and Policy Assignment options.

Use the Identity Manager User Application to complete the password configuration. For information about configuring Password Self-Service through the Identity Manager User Application, see Chapter 5.3, “Password Management Configuration” in the Identity Manager 3.5 User Application: Administration Guide.

You also need to turn on SSL in JBoss* or to your own application server.

With the Forgotten Password feature enabled and the password policy assigned, you now have a valid HTML link for the restricted browser to use. This link needs to be configured for HTTPS, such as https://hostname:8443/IDM/jsps/pwdmgt/ForgotPassword.jsf. Use this URL when running the Client Login Extension Configuration utility.

Troubleshooting#

Keep in mind the following information as you use the Forgotten Password feature:

• If your system administrator allows you to change your password through this process, it can take up to 15 minutes or longer before all changes are in place throughout the network. Be patient before contacting your system administrator.
• For those using the Novell client, if you are already logged in to the network and right-click the red N in the taskbar, select NetWare Login, then select the Did you forget your password? link, you will not launch the restricted browser. The Client Login Extension only applies when you have not logged in.
• If the server running the Identity Manager User Application is down and you select the Did you forget your password? link, you receive the message “An error has occurred” in red on the restricted browser’s initial page. Contact your system administrator.
• If the server running the Identity Manager external WAR is down and you select the Did you forget your password? link, you receive the message “Page Not Found” on the restricted browser’s initial page. Contact your system administrator.
• If the URL to the IDM Forgot Password page is mis-configured and you select the Did you forget your password? link, you receive the message “Page Not Found” on the restricted browser’s initial page. Contact your system administrator.