Skip to main content

Provide HTML to the change passwords pages

You can use a CGI plugin to supply HTML code, including interactive form elements, to the Change passwords page of the:

  • Help users (IDA) module

    This page allows help desk users to change passwords.

  • Change passwords (PSS) module

    This page allows users to change their own passwords.

The plugin for the Help users (IDA) module is set by the A RESET EXT plugin point on the Modules > Help users (IDA) configuration page.

The plugin for the Change passwords (PSS) module is set by the S CHANGE EXT plugin point on the Modules > Change passwords (PSS) configuration page.

The shipped scpinplugin plugin program can be used with the A RESET EXT and S CHANGE EXT plugin points to provide smart card PIN reset.

Write a custom plugin to provide HTML to change passwords pages

Requirements

The CGI plugin is a console executable, which accepts information on standard input and writes results to standard output. See Writing plugins for general requirements.

Execution points

The Change passwords (PSS) module and Help users (IDA) module invoke a plugin to add HTML content to the main menu. Each time the page is requested, the plugin executes. See CGI plugin sequence of events .

Input

Input to the plugin includes:

"" "" = {
  "action" = "PRINT-FORM|PROCESS-FORM" # The action of the CGI
  "user" = "<profile ID>" # The user requesting the page
         
  "requester" = "<profile ID>" # The user requesting the page
         
  "cginame" = "ida|pss" # The CGI running the plugin
  "host" "" = { #1 or more sets, each representing a target system
    "id" = "<target system ID>"
    "name" = "<target system name>"
    "type" = "<target system type>"
    "address" = "<target system address>"
    "adminid" = "<target system administrator ID>"
    "adminpass" = "<target system administrator password>"
    "userid" = "<user's account on the target system>"
     }
  "tags" "" = {#Data to be remembered through the current login session
    "<tag ID>" = "<tag value>" # 0 or more
    "LANG" = "en-us"
    "PS_LOCK_DIR" = "F:\\Locks\\"
  "html" = "" # unused
  }
}

The following is an example of the input received by the plugin during its first run:

"" "" = {
     "action" = "PRINT-FORM"
     "user" = "user1id"
     "requester" = "user1id"
     "cginame" = "pss"
     "host" "" = {
       "id" = "AD"
       "name" = "ad"
       "type" = "WIN2K"
       "address" = "10.10.77.20/basedn=ou=wfou"
       "adminid" = "administrator"
       "adminpass" = "letmein!"
       "userid" = "user1id"
     }
     "tags" "" = {
       "LANG" = "en-us"
       "PS_LOCK_DIR" = "C:\\Program Files\\Hitachi ID\\IDM Suite\\Locks\\"
     }
     "html" = ""
   }

Output

The following is added to the output:

  • submit_buttons A list of HTML buttons that the plugin displays on the page. The CGI needs to know which buttons a plugin has added so that user input on those buttons can be sent back to the plugin.

    All of the entries in this list are the names of the HTML buttons; they are "name" attributes from the <input> tags on the HTML page. All submit buttons must begin with the string "EXT-" to distinguish their names from button names used internally by Bravura Security Fabric .

  • html Raw HTML that displays the plugin’s interface.

The following is an example of the output produced by the plugin:

"" "" = {
  "action" = "PRINT-FORM"
  "cginame" = "ida"
  "html" = ""
  "requester" = "user1id"
  "user" = "manage1"
  "host" "" = {
    "address" = "10.10.77.20/basedn=ou=wfou"
    "adminid" = "administrator"
    "adminpass" = "Letmein1"
    "id" = "AD"
    "name" = "ad"
    "type" = "WIN2K"
    "userid" = "manage1"
  }
  "submit-buttons" "" = {
    "" = ""
  }
  "tags" "" = {
    "LANG" = "en-us"
    "PS_LOCK_DIR" = "C:\\Program Files\\Hitachi ID\\IDM Suite\\Locks\\"
  }
}

}

In this section: