When FreeIPA is used as an authentication provider for web applications, the Apache might attempt PAM authentication for example using mod_intercept_form_submit and find the password expired. In that case, the module might like to redirect the user to a password reset page on FreeIPA to get the password reset -- typically upon the first use of the password after admin (re)set it.
When that password reset passes, the /ipa/ui/reset_password.html page says
Password reset was successful. Return to login page.
pointing to /ipa/ui/login.html on the FreeIPA server. But if the password reset was initiated due to a failed login to external application and not to FreeIPA WebUI itself, we might need a way to specify the URL the user should be redirected to after successful password reset. Adding support for parameter like bounce_url would be nice.
How much more customizable this should get is a question -- we might also want name of that other application, and perhaps the locales that should be used for the password reset page ...
But bounce_url is what is needed for.
A side note: In FreeIPA 4.0 the reset page no longer offers the link to login page. There's just: "Password reset was successful."
Ah. Well, I guess if the bounce_url is specified, the link should be back. And possibly if bounce_text is specified as well, that would be the text of that link.
That way, even FreeIPA itself can bring the link back by specifying those parameters.
Identified as stretch goal for 4.1 in triage meeting.
master:
ipa-4-1:
not closing yet, there is ongoing discussion on the devel-list.
Ticket has been cloned to Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1138798
Updating release notes to reflect the fact that the parameter is called url, not bounce_url, and that it does not redirect back to the originating page, just shows a link prompting user to click it.
And another parameter delay.
Metadata Update from @adelton: - Issue assigned to pvoborni - Issue set to the milestone: FreeIPA 4.1
ipa-4-7:
Login to comment on this ticket.