Configuring the BMC Helix SSO agent to enable end users to change their passwords
How the action support feature works
As client applications interact with BMC Helix SSO through the BMC Helix SSO agent, the agent is provided with the mechanism of changing the end user password by using the action support feature.
The BMC Helix SSO agent defines the action by using the predefined URL path mask. The default action path mask is /_rsso/. The following setting is enabled by default in the rsso-agent.properties configuration file:
After identifying the action, the BMC Helix SSO agent redirects the server-side action to BMC Helix SSO server with the 401 or 200 status code and an auto-post HTML form.
- 401 code indicates that the user is not authenticated
- 200 code indicates that the user is authenticated.
The auto-post HTML issues the HTTP POST request with the URL and action parameters in the request body.
All server-side actions get similar parameters that are provided for a basic login operation (currently covered by the /rsso/start servlet). The parameters support all BMC Helix SSO agent-based features such as Multi-Service Providers (MSPs) and preauthentication.
Before you begin
The server-side action handlers must be configured to dynamically match the action name. Hence the action handler must be added as the class, matching the action name to the class attribute.
To configure the integrated application for using the allow password change action
As an administrator of an integrated application, you can build a URL to include it in the email that is triggered to the user to change their password.
The URL should have the following format: /_rsso/server/<action-path>/<action-name>?<action-params>, where:
_rsso is the action-path-mask defined on the BMC Helix SSO server
<action-path> allows the grouping of some actions by categories - is optional
<action-name> is the name of a server-side action
Thus, a URL could look like the following: application.bmc.com:8080/arsys/_rsso/server/change-password