
The ProvisionControllerService web service provides operations that let you change and reset passwords programmatically. These operations also synchronize the password changes across the relevant systems.

The differences between setPassword and resetPassword are described below.

Reset Password

  • Generates a password based on policy rules if no password is provided in the request
  • Resets the pwdChangeCount to 0
  • Sets the resetPwd flag to 1
  • Also clears the isLocked flag that is set when a person is locked out after incorrect logins.

Set Password

  • Validates the password supplied by the user against policy
  • Changes the password to what is supplied by the user
  • Increments the pwdChangeCount – see the use case below for logic to increment.
  • Sets the resetPwd flag to 0
  • Sets the PWD_CHANGED to reflect the date time when a password was changed
  • Synchronizes the password with managed systems – if the managed sysId is 0 (primary identity)

ProvisionControllerService Operations

  • setPassword
  • addUser
  • modifyGroup
  • deleteUser
  • modifyUser
  • deleteGroup
  • addGroup
  • resetPassword

Endpoint Address:
http://<hostname>/openiam-idm-esb/idmsrvc/ProvisionControllerService?wsdl

Target namespace:
http://www.openiam.org/service/connector


Operation Name: resetPassword(PasswordSync passwordSync)

Parameters:

  • PasswordSync passwordSync

Return:

  • PasswordResponse - the returned object will contain success or failure. If it is successful, it will also return the newly created password.

resetPassword allows you to reset the password associated with an identity. The operation allows you to specify a new password or leave it blank. If it is blank, the system will auto-generate a new password based on the password policy that is in effect.

Key Fields: PasswordSync

| Field Name | Description |
|---|---|
| securityDomain | Required |
| principal | Required |
| validateRequest | Required. Set to True |
| password | Optional - Auto-generated if it is omitted |
| srcSystemId | Optional - ID of the application that is making the request. Will be used in the audit log |
| requestorId | Optional - ID of the person making the request. |

Sample Request:


Operation Name: setPassword(PasswordSync passwordSync)

Parameters:

  • PasswordSync passwordSync

Return:

  • Response - the returned object indicates success or failure

Valid Failure Codes

  • PRINCIPAL_NOT_FOUND
  • USER_NOT_FOUND
  • USER_STATUS
  • FAIL_PASSWORD_POLICY

setPassword allows you to change a user's password. The password must conform to the password policy that is in place.

Key Fields: PasswordSync

| Field Name | Description |
|---|---|
| securityDomain | Required |
| principal | Required |
| password | Optional - Auto-generated if it is omitted |
| srcSystemId | Optional - ID of the application that is making the request. Will be used in the audit log |
| requestorId | Optional - ID of the person making the request. |

Sample Request:
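The following is an added example, not taken from the OpenIAM documentation: it builds resetPassword and setPassword request bodies from the PasswordSync fields listed above, rejects requests that lack a required field, and lets the XML library escape the password. The SOAP 1.1 envelope, the `passwordSync` wrapper element, the unqualified child elements, the helper name `build_request` and the sample values are assumptions; confirm the real message shape against the WSDL.

```python
import xml.etree.ElementTree as ET

SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"  # SOAP 1.1 (assumed)
SVC_NS = "http://www.openiam.org/service/connector"    # target namespace from the page

# Required PasswordSync fields per operation, as listed in the Key Fields tables.
REQUIRED = {
    "resetPassword": ("securityDomain", "principal", "validateRequest"),
    "setPassword": ("securityDomain", "principal"),
}
OPTIONAL = ("password", "srcSystemId", "requestorId")


def build_request(operation, **fields):
    """Return a SOAP envelope (bytes) for resetPassword or setPassword."""
    if operation not in REQUIRED:
        raise ValueError(f"unsupported operation: {operation}")
    allowed = REQUIRED[operation] + OPTIONAL
    unknown = set(fields) - set(allowed)
    if unknown:
        raise ValueError(f"unknown PasswordSync fields: {sorted(unknown)}")
    missing = [f for f in REQUIRED[operation] if not fields.get(f)]
    if missing:
        raise ValueError(f"missing required fields: {missing}")
    if operation == "resetPassword" and fields["validateRequest"] is not True:
        raise ValueError("validateRequest must be True for resetPassword")

    env = ET.Element(f"{{{SOAP_NS}}}Envelope")
    body = ET.SubElement(env, f"{{{SOAP_NS}}}Body")
    op = ET.SubElement(body, f"{{{SVC_NS}}}{operation}")
    sync = ET.SubElement(op, "passwordSync")  # assumed element name; check the WSDL
    for name in allowed:
        value = fields.get(name)
        if value in (None, ""):
            continue  # an omitted password is left out of the request entirely
        # ElementTree escapes <, > and & in text, so a password cannot alter the XML.
        ET.SubElement(sync, name).text = "true" if value is True else str(value)
    return ET.tostring(env, encoding="utf-8")


if __name__ == "__main__":
    # Constructed sample values; no password is sent, so one would be generated.
    print(build_request("resetPassword", securityDomain="EXAMPLE_DOMAIN",
                        principal="jdoe", validateRequest=True,
                        srcSystemId="HELPDESK_APP").decode())
```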
