Forum Discussion
Cri
Nimbostratus
NimbostratusAPM: Insert a cookie on a HTTP Response inside apm flow
Hi all,
this is the situation: I'm performing a simple authentication on an Oracle LDAP by APM, in case of password expiration I configured an endig that redirect on an external change password pag...
Cody_Green
Employee
EmployeeHi Cristian,
Another option would be to use the pool select option in the APM VPE versus redirecting the user. This would switch the resource pool to the change password server and you could then use a WebSSO method to provide the username to the backend application. Once the user updates their password you would issue a log off event and have them log in with their new credentials.
The advantage to this over the redirect is that any username in the cookie, POST header, or GET URI could be intercepted and modified. With this option you can use the multifactor authentication capabilities of APM and send a one time password to the user that must be verified before they can access the change password site.
Just a thought...
Cody