This section describes the features that allow you to force passwords to expire periodically or all at the same time.

The password expiration feature allows you to require users to change their passwords after a specified period of time, for example 90 or 120 days.

Enabling Password Expiration

Password expiration is disabled by default. You must enable it before you can either require regular password changes or force password expiration for all users.

To enable password expiration

ATG recommends that the change password page be completely static HTML. Once it has been determined that the user’s password has expired, all requests passing through the servlet pipeline are redirected to the URL in the redirectPath property. Any linked elements in the change password page, such as links to CSS files or images, must be explicitly set in the /atg/dynamo/servlet/pipeline/ExpiredPasswordServlet.localUrlsToAllow property in order for the page to render correctly. Note that you do not need to list page includes using dsp:include and jsp:include tags in localUrlsToAllow; these bypass the redirect. An example follows:

localUrlsToAllow=/templates/style/css/style1.jsp,\
    /templates/style/css/style2.jsp

Password Expiration Process

Password expiration works as follows:

If the user leaves the site before completing the change password form successfully, the session times out. The password expiration process is repeated the next time the user logs in.

Example 1:

passwordValidForNumDays = 90
lastPasswordUpdate in Jim's profile = 01/01/2005
today's date = 03/17/2005

passwordValidForNumDays + lastPasswordUpdate = 01/04/2005, which is after today’s date. The passwordexpired session variable is set to false for Jim’s current session.

Example 2:

passwordValidForNumDays = 90
lastPasswordUpdate in Jim's profile = 01/01/2005
today's date = 05/17/2005

passwordValidForNumDays + lastPasswordUpdate = 01/04/2005, which is before today’s date. The passwordexpired session variable is set to true for Jim’s profile.

Forcing All Passwords to Expire

As well as configuring passwords to expire individually according to the date of the last change, you can force all passwords in the profile repository to expire on the same date. To do so, set the forcePasswordUpdateTimeStamp property in the /atg/userprofiling/ExpiredPasswordService component to the date when you want the passwords to expire. The property is a timestamp that is set to 01/01/2000 by default. All users will be prompted to change their passwords the first time they log in after the specified date.

To expire all passwords immediately and force all users to change their passwords the next time they log in, set the value to the current date.

Setting the forcePasswordUpdateTimeStamp value to a date in the future schedules all passwords to expire on that date.

The examples below are all valid formats for specifying the property value:

Forced password expiration works as follows:

Example 1:

forcePasswordUpdate = 04/04/2005
lastPasswordUpdate in Maria's profile = 02/15/2004
today's date = 05/17/2005

The force update value is after the last password update and also before today’s date, so the passwordexpired session variable is set to true for Maria’s current session.

Example 2:

forcePasswordUpdate = 04/04/2005
lastPasswordUpdate in Maria's profile = 04/15/2004
today's date = 05/17/2005

The force update value is before the last password update, so the passwordexpired session variable is not set for Maria’s current session.
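The periodic rule (passwordValidForNumDays) and the forced rule (forcePasswordUpdateTimeStamp) described above can be modeled together to check which profiles would be flagged on a given date. This is an added Python example, not ATG code: the function names and the profile logins are hypothetical, the "alex" entry is a constructed value, and the handling of dates that fall exactly on a boundary is an assumption.

```python
from datetime import date, timedelta
from typing import Optional


def expiry_reason(last_update: date, today: date,
                  valid_for_days: Optional[int] = None,
                  force_ts: Optional[date] = None) -> Optional[str]:
    """Return why the password counts as expired, or None if it is still valid.

    Models the two rules described on this page; it is not ATG code.
    Boundary handling (expiry date == today, force date == today) is an
    assumption, since the page only describes strictly before/after cases.
    """
    # Rule 1: periodic expiry, lastPasswordUpdate + passwordValidForNumDays.
    if valid_for_days is not None:
        expires_on = last_update + timedelta(days=valid_for_days)
        if expires_on < today:
            return f"aged out on {expires_on.isoformat()}"
    # Rule 2: forced expiry. Only passwords last changed before the force
    # date are affected, and only once that date has been reached.
    if force_ts is not None and last_update < force_ts <= today:
        return f"forced on {force_ts.isoformat()}"
    return None


def audit(profiles: dict, today: date, valid_for_days=None, force_ts=None) -> dict:
    """Map each login to its expiry reason, skipping still-valid passwords."""
    out = {}
    for login, last_update in profiles.items():
        reason = expiry_reason(last_update, today, valid_for_days, force_ts)
        if reason:
            out[login] = reason
    return out


if __name__ == "__main__":
    # Constructed sample profiles: login -> lastPasswordUpdate.
    profiles = {
        "jim": date(2005, 1, 1),     # the page's periodic-expiry examples
        "maria": date(2004, 2, 15),  # the page's forced-expiry Example 1
        "alex": date(2005, 4, 15),   # constructed: changed after the force date
    }
    today = date(2005, 5, 17)
    for login, why in audit(profiles, today, 90, date(2005, 4, 4)).items():
        print(login, "->", why)
```

Running the audit against a copy of the profile data before setting forcePasswordUpdateTimeStamp shows how many users will be redirected to the change password page at their next login.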

Notifying Users of Impending Expiration

You can include the PasswordExpiresSoon droplet on a page to notify users when their password is about to expire.

This droplet can be found and configured at /atg/dynamo/droplet/PasswordExpiresSoon. The displayCount setting determines how many times per session the password expiration notification is shown to the customer logging in.

The droplet form is:

<dsp:droplet name="/atg/userprofiling/PasswordExpiresSoon">
  <dsp:param name="login" bean="/atg/userprofiling/Profile.login"/>
  <dsp:oparam name="soontoexpiremessage">
    <p>Password will expire in <dsp:valueof param="daysUntilExpired"></dsp:valueof> days.</p>
    <p>Change password form here: <dsp:valueof param="changePwdLocalUrl"></dsp:valueof> <br /></p>
  </dsp:oparam>
</dsp:droplet>

Copyright © 1997, 2013 Oracle and/or its affiliates. All rights reserved.