freeipa

Clone
Source Code
GIT

#4440 Add support for bounce_url to /ipa/ui/reset_password.html
Closed: Fixed None Opened 9 years ago by adelton.

Closed: Fixed
Reopen Issue

When FreeIPA is used as an authentication provider for web applications, the Apache might attempt PAM authentication for example using mod_intercept_form_submit and find the password expired. In that case, the module might like to redirect the user to a password reset page on FreeIPA to get the password reset -- typically upon the first use of the password after admin (re)set it.

When that password reset passes, the /ipa/ui/reset_password.html page says

Password reset was successful. Return to login page.

pointing to /ipa/ui/login.html on the FreeIPA server. But if the password reset was initiated due to a failed login to external application and not to FreeIPA WebUI itself, we might need a way to specify the URL the user should be redirected to after successful password reset. Adding support for parameter like bounce_url would be nice.

How much more customizable this should get is a question -- we might also want name of that other application, and perhaps the locales that should be used for the password reset page ...

But bounce_url is what is needed for.

A side note: In FreeIPA 4.0 the reset page no longer offers the link to login page. There's just: "Password reset was successful."

Ah. Well, I guess if the bounce_url is specified, the link should be back. And possibly if bounce_text is specified as well, that would be the text of that link.

That way, even FreeIPA itself can bring the link back by specifying those parameters.

Identified as stretch goal for 4.1 in triage meeting.

master:

  • 8288135 webui: add bounce url to reset_password.html

ipa-4-1:

  • 8288135 webui: add bounce url to reset_password.html

not closing yet, there is ongoing discussion on the devel-list.

Ticket has been cloned to Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1138798

master:

  • 050431c webui: adjust behavior of bounce url

ipa-4-1:

  • c946029 webui: adjust behavior of bounce url

Updating release notes to reflect the fact that the parameter is called url, not bounce_url, and that it does not redirect back to the originating page, just shows a link prompting user to click it.

And another parameter delay.

Metadata Update from @adelton:
- Issue assigned to pvoborni
- Issue set to the milestone: FreeIPA 4.1
7 years ago

master:

  • 0ed3dfb Replace the direct URL with config's one
  • 4da736e Add "reset_and_login" view to LoginScreen widget
  • 3a43bf8 Use "login" plugin instead of standalone JS file
  • 30bcad4 Clean up reset_password.js file from project
  • d5c0bae Fix translations of messages in LoginScreen widget
  • 5c32ac3 Add "bounce" logic from "reset_password.js"
  • b4885d3 Add tests for LoginScreen widget

ipa-4-7:

  • 7c8ba1d Replace the direct URL with config's one
  • ce15361 Add "reset_and_login" view to LoginScreen widget
  • 8da9935 Use "login" plugin instead of standalone JS file
  • 18c878e Clean up reset_password.js file from project
  • b7290e4 Fix translations of messages in LoginScreen widget
  • 86f98e5 Add "bounce" logic from "reset_password.js"
  • e24b1f6 Add tests for LoginScreen widget

Login to comment on this ticket.

Metadata
None
None
None
normal
None
None
None
None
enhancement
None
None
Web UI
None
1
None
None
edewata
None
https://bugzilla.redhat.com/show_bug.cgi?id=1138798
None
The /ipa/ui/reset_password.html page accepts url parameter to provide the user with a back link after successful password reset, to support resets initiated by external web applications. Additional parameter delay automatically redirects back after the specified number of seconds has elapsed.
None
Powered by Pagure 5.13.3
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.