
APM AD Password Change on expired and "change at next logon" - need ideas

Hi All,

So I am using APM as our SSO for a project, it's brilliant and it fixes many problems! For one, password changes: using the AD integration I can get the F5 to enforce a password change at the expiry date or days before, and also run the same process if the "change password at next logon" tick box has been ticked, which is also super handy.

Now I believe this process is held inside the "ad auth" module, but I could be wrong and correct me if needed, and it's all sort of coded inside the block in the policy editor.

Now, I've been asked to add the password hints to that page, which doesn't seem unreasonable, and it's also in the CIS Password Policy Guide so I can't really hide from it! But what I can't find is a way to show text when that password change process has been activated; I don't need to show it any other time.

Any ideas on what I could do, or can you point me at something right under my nose?

Thanks - Fletch

@Leslie_Hubertus - I've put this into water cooler by mistake.
Can you move it to the technical forum please?

Gotcha covered. 🙂

CA_Valli
MVP

I've achieved something similar in a recent project. 

I've added a "change my password" checkbox to logon page that, when triggered, forcefully sets the password expired option and loops back onto logon page. This way user is able to change his password, password hints were put in "password update" page only modifying page options in policy tree .. (see 'General customization' in this guide, and explode your access profile) 

I can share config if it helps

Hi,

Thanks for the reply, I've got the same sort of process working to trigger the process.
I'll dig into that in a minute, but by pure chance a colleague hit the page today.

PSFletchTheTek_0-1677159642646.png

And when this is seen i want to be adding something like

- Minimum 14 characters
- At least 1 upper case
- At least 1 lower case
- At least 1 special character
- The wind has to be travelling direct north and you are standing on one foot.

but only when you are on this page, not at the one before it.
Will the custom part cover that?

Sure, you can edit the text for "The domain password has expired.." and include another paragraph that contains your custom text.

Can you also point me at the "password update" page or its inc file in the policy tree?
I can't find it!

I had to look back at it.. I have to admit it's quite hidden.

Update "user triggered change" first, and "AD password change failure" as well, to retain the info if user inputs bad password. 

I've highlighted them below. NOTE -> THEY CHANGE FOR EVERY LANGUAGE. 

CA_Valli_2-1677164389829.png

It supports HTML formatting

 

<p style='font-size:1em; font-family:verdana'>Per soddisfare i requisiti minimi di sicurezza, la password deve:</p>   <p style='font-size:0.8em'>•    Deve avere una <b>lunghezza minima</b> di 8 caratteri;</p> <p style='font-size:0.8em'>•    Deve essere <b>diversa dalle precedenti password</b> e non contenere <b>parti del nome utente</b>;</p> <p style='font-size:0.8em'>•    Deve contenere <b>almeno 3 delle seguenti categorie</b> di caratteri: lettere maiuscole, lettere minuscole, numeri, caratteri speciali / punteggiatura..</p>

 

Check out the link below. Works for the standard APM theme. Should work for the modern APM theme also, with some little adjustments.

https://github.com/nvansluis/f5.password_change_validation
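
The two sets of complexity rules quoted in this thread, turned into a checker that returns the hints a candidate password still fails. This is an added example, not code from any poster, from F5 or from the linked repository; the policy objects and function names are hypothetical, and the name-fragment rule is modelled on how AD complexity treats account and display names.

```javascript
// Added example: names below are illustrative, not APM or AD identifiers.
// Hints shown in the browser are advisory; AD remains the enforcement point.
const CATEGORIES = {
  upper: [/\p{Lu}/u, "upper case letter"],
  lower: [/\p{Ll}/u, "lower case letter"],
  digit: [/\p{Nd}/u, "number"],
  special: [/[^\p{L}\p{Nd}]/u, "special character"],
};

function categoriesPresent(pw) {
  return Object.keys(CATEGORIES).filter((k) => CATEGORIES[k][0].test(pw));
}

// Assumption: whole account name plus display-name tokens split on
// delimiters; fragments shorter than 3 characters are ignored.
function nameFragments(account, displayName) {
  const tokens = (displayName || "").split(/[,.\-_ #\t]+/);
  return [account || "", ...tokens]
    .map((t) => t.toLowerCase())
    .filter((t) => t.length >= 3);
}

// Returns the list of hint strings the password does not yet satisfy.
function unmetHints(pw, policy, user = {}) {
  const unmet = [];
  const present = categoriesPresent(pw);
  if ([...pw].length < policy.minLength) {
    unmet.push(`Minimum ${policy.minLength} characters`);
  }
  for (const c of policy.required || []) {
    if (!present.includes(c)) unmet.push(`At least 1 ${CATEGORIES[c][1]}`);
  }
  if (policy.minCategories && present.length < policy.minCategories) {
    unmet.push(`At least ${policy.minCategories} of the 4 character categories`);
  }
  if (policy.noNameParts) {
    const lower = pw.toLowerCase();
    const hit = nameFragments(user.account, user.displayName)
      .some((f) => lower.includes(f));
    if (hit) unmet.push("Must not contain parts of the user name");
  }
  return unmet;
}

// Rules from the list in the thread (14 characters, upper, lower, special).
const POLICY_14 = { minLength: 14, required: ["upper", "lower", "special"] };
// Rules from the HTML hint text (8 characters, 3 of 4 categories, no name parts).
const POLICY_AD = { minLength: 8, minCategories: 3, noNameParts: true };
```

Because this runs in the user's browser, treat it as a usability aid only and keep the AD "password change failure" text in place for whatever the domain controller rejects.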