<div dir="ltr">
<div>Hello.<br></div><div><br></div><div>Does anyone know if there is a specific configuration that is needed to allow password resets to work from browsers on mobile devices?</div><div><br></div><div>We recently upgraded from 4.4.6 to 4.8.4. I configured the focus identification module to use both email and employee number. From a browser on a PC, resetting the password works as expected. But from a mobile device, after entering employee number or email (focus identification), I get an "Invalid username and/or password." error message and am redirected to the identity provider selection screen. I'm aware that mobile support is limited and that the reset password operation authenticated via the mail link (with
nonce) needs to be completed in the same browser it was started in.
</div><div><br></div><div>Below are excerpts from our security policy:</div>
<div> &lt;authentication&gt;<br> &lt;modules&gt;</div>
<div>...<br></div>
<div> &lt;mailNonce id="4"&gt;<br> &lt;name&gt;MailNonce&lt;/name&gt;<br> &lt;description&gt; Authentication based on mail message with a nonce. Used for password reset.&lt;/description&gt;<br> &lt;credentialName&gt;mailNonce&lt;/credentialName&gt;<br> &lt;/mailNonce&gt;</div>
<div> &lt;focusIdentification id="26"&gt;<br> &lt;identifier&gt;employeeNumberEmail&lt;/identifier&gt;<br> &lt;item id="27"&gt;<br> &lt;path&gt;employeeNumber&lt;/path&gt;<br> &lt;matchingRule&gt;stringIgnoreCase&lt;/matchingRule&gt;<br> &lt;/item&gt;<br> &lt;item id="28"&gt;<br> &lt;path&gt;emailAddress&lt;/path&gt;<br> &lt;matchingRule&gt;stringIgnoreCase&lt;/matchingRule&gt;<br> &lt;/item&gt;<br> &lt;/focusIdentification&gt;</div>
<div> &lt;/modules&gt;<br> &lt;sequence id="5"&gt;<br> &lt;name&gt;userPasswordResetAuth&lt;/name&gt;<br> &lt;description&gt;Just a nonce mail to validate e-mail address.&lt;/description&gt;<br> &lt;channel&gt;<br> &lt;channelId&gt;<a href="http://midpoint.evolveum.com/xml/ns/public/common/channels-3#resetPassword">http://midpoint.evolveum.com/xml/ns/public/common/channels-3#resetPassword</a>&lt;/channelId&gt;<br> &lt;urlSuffix&gt;resetPassword&lt;/urlSuffix&gt;<br> &lt;/channel&gt;<br> &lt;module id="29"&gt;<br> &lt;name&gt;MailNonce&lt;/name&gt;<br> &lt;order&gt;20&lt;/order&gt;<br> &lt;necessity&gt;required&lt;/necessity&gt;<br> &lt;/module&gt;<br> &lt;module id="30"&gt;<br> &lt;identifier&gt;employeeNumberEmail&lt;/identifier&gt;<br> &lt;order&gt;10&lt;/order&gt;<br> &lt;necessity&gt;requisite&lt;/necessity&gt;<br> &lt;/module&gt;<br> &lt;/sequence&gt;</div>
<div>...</div>
<div> &lt;credentialsReset&gt;<br> &lt;authenticationSequenceName&gt;userPasswordResetAuth&lt;/authenticationSequenceName&gt;<br> &lt;/credentialsReset&gt;</div>
<div><br></div><div>Thanks for the help,</div><div>Paul Taylor</div>
</div>