Added by Sebastian Gonzalez Oyuela, last edited by Sebastian Gonzalez Oyuela on Mar 20, 2009

Introduction

This guide explains how to set up the JOSSO password reset process.

Prerequisites

You need a configured JOSSO Gateway and an SMTP server that will be used to send password confirmation emails.

The Process

  1. A user wants to log in but does not remember his/her password.
  2. The user clicks the 'Forgot your password' link from the login form.
  3. The user is redirected to a password reset form.
  4. The user enters his/her email address.
  5. JOSSO validates the given email and sends a newly generated password to the user's email address.
  6. The user opens his/her email inbox and clicks the verification link generated by JOSSO.
  7. JOSSO updates the stored password with the generated value.
  8. The user logs in using the new credential.

Configure SSO Plugins

Email Password Distributor

This component creates and sends a verification email using the configured mail sender. Make sure that the mail-to-userproperty property holds the name of the SSO User property containing the user's email address. If you are using a DB store, this should be the name of the table column that stores email addresses.
The template property points to a Velocity template used to build the verification email content. The template is located in the gateway distribution WAR at WEB-INF/classes.

josso-gateway-selfservices.xml
    <!-- ===================================================================== -->
    <!-- SSO Password Distributor                                              -->
    <!-- ===================================================================== -->
    <!-- The 'mail-to-userproperty' is the SSOUser property name that contains the user email! -->
    <email-password-distributor id="josso-password-distributor"
            mail-from="josso@josso.org"
            mail-to-userproperty="email"
            mail-subject="JOSSO Password Reset verification e-mail"
            template="/passwordVerificationEmail.vm"
            xmlns="urn:org:josso:email:passworddistributor">

        <mail-sender>
            <s:ref bean="josso-spring-mailsender"/>
        </mail-sender>

    </email-password-distributor>

As you can see in the following sample, you can use user information when building the email text. The confirm URL will be automatically generated by JOSSO and will include the verification token.

passwordVerificationEmail.vm
Dear $jossoUser.name,

Here is the new password you requested : $jossoClearPassword.

To activate it please follow the link below:

$jossoConfirmUrl

Email Sender

The email sender component is used by JOSSO to send all outgoing emails. It is defined in the josso-gateway-config.xml file. JOSSO uses Spring's JavaMailSender implementation.

josso-gateway-config.xml
    <!-- ===================================================================== -->
    <!-- Spring Mail Sender bean.  Configure mail delivery settings here       -->
    <!-- ===================================================================== -->
    <s:bean id="josso-spring-mailsender" class="org.springframework.mail.javamail.JavaMailSenderImpl">
        <!-- Spring JavaMailSender properties:
            protocol, host, port, username, password -->
        <s:property name="host" value="mail.mycompany.com"/>
    </s:bean>

Identity Store

The identity store has two properties that are relevant for the password reset process.

  • resetCredentialDml: This is the statement that JOSSO will use to update the user password with the new value upon verification.
  • relayCredentialQueryString: This is the query that JOSSO will use to obtain a user's login based on his/her email address. This query must return one and only one value for a given email. In this example, the name of the column used in the query is the value of the mail-to-userproperty property configured in the password distributor.

josso-gateway-stores.xml
    <db-istore:datasource-store id="josso-identity-store"
                      dsJndiName="java:/DefaultDS"
                      userQueryString="SELECT LOGIN AS NAME FROM JOSSO_USER WHERE LOGIN = ?"
                      rolesQueryString="SELECT NAME AS ROLE FROM JOSSO_USER_ROLE WHERE LOGIN = ?"
                      credentialsQueryString="SELECT LOGIN AS USERNAME, PASSWORD FROM JOSSO_USER WHERE LOGIN = ?"
                      userPropertiesQueryString="SELECT NAME, VALUE FROM JOSSO_USER_PROPERTY WHERE LOGIN = ?"
                      resetCredentialDml="UPDATE JOSSO_USER SET PASSWORD = ? WHERE LOGIN = ?"
                      relayCredentialQueryString="SELECT LOGIN FROM JOSSO_USER WHERE #?# = ?" />
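
A pre-deployment check for the "one and only one value" requirement on relayCredentialQueryString, as an added example (not JOSSO code). It assumes the email address is stored in an EMAIL column of JOSSO_USER, models the #?# substitution as a plain string replace, and runs against constructed rows in an in-memory SQLite database.

```python
import re
import sqlite3
from collections import defaultdict

# Values copied from the configuration shown on this page.
RELAY_QUERY = "SELECT LOGIN FROM JOSSO_USER WHERE #?# = ?"
MAIL_PROPERTY = "email"  # mail-to-userproperty

def expand_relay_query(template, column):
    """Put the column name in place of #?#; it is not a bind value, so validate it."""
    if not re.fullmatch(r"[A-Za-z_][A-Za-z0-9_]*", column):
        raise ValueError(f"not a plain column name: {column!r}")
    return template.replace("#?#", column)

def relay_login(conn, email, column=MAIL_PROPERTY):
    """Return the login for an email only when exactly one row matches."""
    rows = conn.execute(expand_relay_query(RELAY_QUERY, column), (email,)).fetchall()
    return rows[0][0] if len(rows) == 1 else None

def audit_emails(conn, column=MAIL_PROPERTY):
    """Find addresses shared by several logins, and logins with no address."""
    expand_relay_query(RELAY_QUERY, column)  # reuse the identifier check
    by_email, missing = defaultdict(list), []
    query = f"SELECT LOGIN, {column} FROM JOSSO_USER ORDER BY LOGIN"
    for login, email in conn.execute(query):
        if email:
            by_email[email].append(login)
        else:
            missing.append(login)
    return {e: l for e, l in by_email.items() if len(l) > 1}, missing

def sample_store():
    """Constructed stand-in for JOSSO_USER (the EMAIL column is an assumption)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE JOSSO_USER (LOGIN TEXT PRIMARY KEY, PASSWORD TEXT, EMAIL TEXT)")
    conn.executemany("INSERT INTO JOSSO_USER VALUES (?, ?, ?)", [
        ("user1", "x", "user1@example.com"),
        ("user2", "x", "shared@example.com"),
        ("user3", "x", "shared@example.com"),
        ("user4", "x", None),
    ])
    return conn

if __name__ == "__main__":
    shared, missing = audit_emails(sample_store())
    print("addresses shared by several logins:", shared)
    print("logins without an address:", missing)
```

Any address reported as shared breaks the single-row requirement; a unique constraint on the email column keeps new duplicates out once the existing ones are resolved.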