Sun Identity Manager Deployment Reference

Customizing Tabbed User Form: Moving Password Fields to the Attributes Area

To update two resources with different passwords simultaneously, you must generate a separate password field for each assigned resource. For example, you can have an AD password field on the AD resource Attribute area (on the Accounts page) that still conforms to password policies that can be set separately from other resources.

Default Password Policy Display

By default, Identity Manager displays password policy information on the Accounts > Identity tab, as shown below.

To move the password fields from their default position on the Identity area to the Attribute area, you must disable the default Identity Manager password synchronization mechanism by following these three steps:

ProcedureTo Move the Password Fields from Their Default Position

  1. Set the manualPasswordSynchronization checkout property

  2. Add Field and FieldLoop components to the Tabbed User form

  3. Add resource-specific password fields to the Tabbed User form

    These steps are described in more detail below.

Step One: Set the manualPasswordSynchronization Checkout Property

Specify the manualPasswordSynchronization view check out option by adding the following property to the form:

     <Property name=’manualPasswordSynchronization’ value=’true’/>

When manualPasswordSynchronization is set to true, Identity Manager displays per-resource password fields rather than using the password synchronizer.

Step Two: Turn Off Password Synchronization

You can disable password synchronization by turning off the selectAll flag under the Password view. To do this, add the following fields to the default forms:

<Field name=’password.selectAll’>
    Force the selectAll flag off so we do not attempt synchronization.
    Necessary because it sometimes is set to true by the view handler.
   <FieldLoop for=’res’>
   Also must force the individual selection flags to false and display
   a password prompt for each resource since the view handler will
   default to true for new accounts.
   <Field name=’password.accounts[$(res)].selected’>

Step Three: Add Resource-Specific Password Fields to Attributes Page

Write resource specific password fields for each resource as follows:

<Field name=’accounts[resname].password’>