[midPoint] Initiating password resets from mobile devices
Taylor, Paul
ptaylor at vinu.edu
Mon Dec 9 21:33:22 CET 2024
Hello.

Does anyone know if there is a specific configuration that is needed to
allow password resets to work from browsers on mobile devices?

We recently upgraded from 4.4.6 to 4.8.4. I configured the focus
identification module to use both email and employee number. From a browser
on a PC, resetting the password works as expected. But from a mobile
device, after entering employee number or email (focus identification), I
get an "Invalid username and/or password." error message and am redirected
to the identity provider selection screen. I'm aware that mobile support is
limited and that the reset password operation authenticated via the mail
link (with nonce) needs to be completed in the same browser it was started
in.

Below are excerpts from our security policy:

<authentication>
    <modules>
        ...
        <mailNonce id="4">
            <name>MailNonce</name>
            <description>Authentication based on mail message with a nonce. Used for password reset.</description>
            <credentialName>mailNonce</credentialName>
        </mailNonce>
        <focusIdentification id="26">
            <identifier>employeeNumberEmail</identifier>
            <item id="27">
                <path>employeeNumber</path>
                <matchingRule>stringIgnoreCase</matchingRule>
            </item>
            <item id="28">
                <path>emailAddress</path>
                <matchingRule>stringIgnoreCase</matchingRule>
            </item>
        </focusIdentification>
    </modules>
    <sequence id="5">
        <name>userPasswordResetAuth</name>
        <description>Just a nonce mail to validate e-mail address.</description>
        <channel>
            <channelId>http://midpoint.evolveum.com/xml/ns/public/common/channels-3#resetPassword</channelId>
            <urlSuffix>resetPassword</urlSuffix>
        </channel>
        <module id="29">
            <name>MailNonce</name>
            <order>20</order>
            <necessity>required</necessity>
        </module>
        <module id="30">
            <identifier>employeeNumberEmail</identifier>
            <order>10</order>
            <necessity>requisite</necessity>
        </module>
    </sequence>
...
<credentialsReset>
    <authenticationSequenceName>userPasswordResetAuth</authenticationSequenceName>
</credentialsReset>

Thanks for the help,
Paul Taylor