Handling Forgotten Passwords

The Personalization module can handle forgotten passwords by directing users to a form where they are prompted to supply a known value for a specific profile property (by default, e-mail address). The Personalization module generates a new password and sends it via e-mail. The e-mail uses a template and can be customized to include the login name and the URL of the login page as well as the new password.

Forgotten Password Process

The forgotten password process works as follows:

  1. Users browse to the forgotten password form.

  2. Users enter their e-mail address (or username) and submit the form.

  3. The ForgotPasswordHandler does the following:

  4. Users receive an email including their login name and the new password based on the given template. A link is provided to the login form based on the given template.

  5. Users either click the e-mail link or browse to the site, and then log in with the new credentials.

  6. The server sets the transient passwordExpired flag in the user profile to true, thereby requiring the user to change the password immediately.

Generated passwords are not saved to the Previous N passwords list.

Note that the Forgotten Password logic replaces the password value in the user profile, so the old password is no longer valid.

Enabling the Forgotten Password Features

To enable and configure the forgotten password features, complete the following steps:

  1. Create a form that allows the user to submit a known value, for example e-mail address.

  2. Configure the SMTP server. This can be done in the Configuration Manager at:

    http://localhost:port/dyn/admin/atg/dynamo/admin/en/
    configure-email-handler.jhtml

    (where the default port numbers on JBoss, Oracle WebLogic, and IBM WebSphere are 8080, 7001, and 9080, respectively. For more information, see Connecting to the Dynamo Administration UI in the ATG Installation and Configuration Guide.

  3. Set the Email Handler Host to your SMTP server. The Email Handler Port is usually set to port 25.

  4. Override or edit the Nucleus component /atg/userprofiling/ForgotPasswordEmailInfo and set the following properties:

    # The URL of the email template jsp/jhtml page
    templateURL=

    # Subject field of the email
    messageSubject=Forgot Password Email

    # From field of the email
    messageFrom^=/atg/dynamo/service/SMTPEmail.defaultFrom

    # MessageContentProcessor responsible for processing the content
    contentProcessor=/atg/userprofiling/email/
    HtmlContentProcessor

  5. Customize the email template.

    Note: if your template JSP/JHTML page contains links to other URLs on your site, you must specify them as absolute URLs in order for the email recipients to be able to access the linked pages. Use the full <code>http://server:port/...</code> form of the URL.

    An example follows:

<%@ taglib uri="/dspTaglib" prefix="dsp" %>
<dsp:page>

<HTML> <HEAD>
<TITLE>Forgot Your Password</TITLE>
</HEAD>

<dsp:importbean bean="/atg/userprofiling/Profile"/>

<BODY BGCOLOR="#FFFFFF" VLINK="#637DA6" LINK="#E87F02">
<font face="verdana" size=2>Dear
<dsp:droplet name="/atg/dynamo/droplet/Switch">
  <dsp:param bean="Profile.firstname" name="value"/>
  <dsp:oparam name="unset">
   Sir or Madam,
  </dsp:oparam>

  <dsp:oparam name="default">
    <dsp:valueof bean="Profile.firstName"/>
    <dsp:valueof bean="Profile.lastName"/>,
  </dsp:oparam>
</dsp:droplet>

<p>Here is your login information with a new passord.
<p>Login: <dsp:valueof bean="Profile.login"/>
<p><b>New password: <%=request.getParameter("newpassword")%></b>

</font>
</body>
</html>
</dsp:page>

Copyright © 1997, 2013 Oracle and/or its affiliates. All rights reserved. Legal Notices