Firefox is triggering the wrong authentication trigger on a change password request by SiteMinder. We need help & can provide more details, thanks!
Firefox version 66 and Siteminder version 12.8 SP2. REPORTED PROBLEM:
- users are prompted to change password based on password policy - users enter old password and then new password, confirm new password - click the change button and do no get the message "your new password has been set. Use this new password the next time you log into your account" which should be displayed as part of authreason=23 referenced in the oob password policy file smpwservices.fcc
Eminye Imininingwane Yohlelo
- I-ejenti Engumsebenzisi: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.79 Safari/537.36
Hi justin.linnan, can you reproduce the problem in a current version of Firefox? Either:
- Firefox 71.0
- Extended Support Release of Firefox 68 (68.3.0esr)
This could be difficult, but is there a demo page to test this functionality?
Hi - my tech guys advised it is reproduceable in the versions that you mention below. Would you be able to join a conf call for <30 mins today?
Hi Justin, I'm not the right person to join a call on this. You should consider filing a bug: https://bugzilla.mozilla.org/
OK thanks. I opened a defect with Bugzilla. Note, my internal Support resource provided the following:
Good Afternoon Justin \ UTC Team \ Firefox support
- customer has a password change policy in effect - user is prompted for a password change - the user changes the password but the page never confirms that the password has changed i.e message expected "your new password has been set. Use this new password the next time you log into your account" - even though the message is not displayed the user is able to login to the application using the new password which indicates that Siteminder performed the change password task
- this works in IE, Chrome and Firefox - it only Fails in firefox if the page is HTTPS and works successfully on HTTPS page - siteminder does not integrate with the Browser and as such does not distinguish how a password policy should behave on a particular browser
Main issue to investigate here:
- why is the Firebox page not displaying the 1- Expected message "your new password has been set. Use this new password the next time you log into your account" 2- This has been tested locally and confirmed that both Http and Https pages works successfully Firefox version this was tested on was version 70.0.1
- test the issue against version 71 as recommended by firefox community support - engage firefox support to assist. - siteminder support is available and willing to assist with the issue.
Sorry, this part is a little confusing:
Please note:Do you mean it fails if the page is HTTP (insecure)? Also, if you start the lines with * in your reply you can get a bulleted list.
- this works in IE, Chrome and Firefox
- it only Fails in firefox if the page is HTTPS and works successfully on HTTPS page