X
Thinta lapha ukuze uye kuveshini yamakhalekhukhwini kusayithi.

Isithangami Sabeseki

Firefox is triggering the wrong authentication trigger on a change password request by SiteMinder. We need help & can provide more details, thanks!

Kuphostiwe

Firefox version 66 and Siteminder version 12.8 SP2. REPORTED PROBLEM:

- users are prompted to change password based on password policy 
- users enter old password and then new password, confirm new password 
- click the change button and do no get the message 
   "your new password has been set. 
 Use this new password the next time you log into your account" 
  which should be displayed as part of authreason=23 referenced in 
  the oob password policy file smpwservices.fcc
Firefox version 66 and Siteminder version 12.8 SP2. REPORTED PROBLEM: - users are prompted to change password based on password policy - users enter old password and then new password, confirm new password - click the change button and do no get the message "your new password has been set. Use this new password the next time you log into your account" which should be displayed as part of authreason=23 referenced in the oob password policy file smpwservices.fcc
Isicaphuno

Eminye Imininingwane Yohlelo

Isisebenziso

  • I-ejenti Engumsebenzisi: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.79 Safari/537.36

Eminye Imininingwane

jscher2000
  • Top 10 Contributor
8892 izisombululo 72750 izimpendulo
Kuphostiwe

Impendulo Ewusizo

Hi justin.linnan, can you reproduce the problem in a current version of Firefox? Either:

  • Firefox 71.0
  • Extended Support Release of Firefox 68 (68.3.0esr)

This could be difficult, but is there a demo page to test this functionality?

Hi justin.linnan, can you reproduce the problem in a current version of Firefox? Either: * Firefox 71.0 * Extended Support Release of Firefox 68 (68.3.0esr) This could be difficult, but is there a demo page to test this functionality?
Ingabe lokhu kube usizo kuwena? 1
Isicaphuno

Impendulo Ewusizo

Hi - my tech guys advised it is reproduceable in the versions that you mention below. Would you be able to join a conf call for <30 mins today?

Hi - my tech guys advised it is reproduceable in the versions that you mention below. Would you be able to join a conf call for <30 mins today?
Ingabe lokhu kube usizo kuwena? 1
Isicaphuno
jscher2000
  • Top 10 Contributor
8892 izisombululo 72750 izimpendulo
Kuphostiwe

Hi Justin, I'm not the right person to join a call on this. You should consider filing a bug: https://bugzilla.mozilla.org/

Hi Justin, I'm not the right person to join a call on this. You should consider filing a bug: https://bugzilla.mozilla.org/
Ingabe lokhu kube usizo kuwena?
Isicaphuno

Umnikazi wombuzo

OK thanks. I opened a defect with Bugzilla. Note, my internal Support resource provided the following:

Good Afternoon Justin \ UTC Team \ Firefox support

Reported problem:

- customer has a password change policy in effect 
- user is prompted for a password change 
- the user changes the password but the page never confirms that the password has changed 
  i.e message expected 
       "your new password has been set. 

       Use this new password the next time you log into your account"

- even though the message is not displayed the user is able to login to the application using the 
  new password which indicates that Siteminder performed the change password task 

Please note:

- this works in IE, Chrome and Firefox
- it only Fails in firefox if the page is HTTPS and works successfully on HTTPS page 
- siteminder does not integrate with the Browser and as such does not distinguish how a password policy 
  should behave on a particular browser 

Main issue to investigate here:

- why is the Firebox page not displaying the
   1- Expected message 
       "your new password has been set. 
       Use this new password the next time you log into your account" 
   2- This has been tested locally and confirmed that both Http and Https pages works successfully 
      Firefox version this was tested on was version 70.0.1

Next Step:

 - test the issue against version 71 as recommended by firefox community support 
 - engage firefox support to assist. 
 - siteminder support is available and willing to assist with the issue.
OK thanks. I opened a defect with Bugzilla. Note, my internal Support resource provided the following: Good Afternoon Justin \ UTC Team \ Firefox support Reported problem: - customer has a password change policy in effect - user is prompted for a password change - the user changes the password but the page never confirms that the password has changed i.e message expected ''' "your new password has been set. Use this new password the next time you log into your account"''' - even though the message is not displayed the user is able to login to the application using the new password which indicates that Siteminder performed the change password task Please note: - this works in IE, Chrome and Firefox - it only Fails in firefox if the page is HTTPS and works successfully on HTTPS page - siteminder does not integrate with the Browser and as such does not distinguish how a password policy should behave on a particular browser Main issue to investigate here: - why is the Firebox page not displaying the 1- Expected message "your new password has been set. Use this new password the next time you log into your account" 2- This has been tested locally and confirmed that both Http and Https pages works successfully Firefox version this was tested on was version 70.0.1 Next Step: - test the issue against version 71 as recommended by firefox community support - engage firefox support to assist. - siteminder support is available and willing to assist with the issue.
Ingabe lokhu kube usizo kuwena?
Isicaphuno
jscher2000
  • Top 10 Contributor
8892 izisombululo 72750 izimpendulo
Kuphostiwe

Sorry, this part is a little confusing:

justin.linnan said

Please note:
  • this works in IE, Chrome and Firefox
  • it only Fails in firefox if the page is HTTPS and works successfully on HTTPS page
Do you mean it fails if the page is HTTP (insecure)? Also, if you start the lines with * in your reply you can get a bulleted list.
Sorry, this part is a little confusing: ''justin.linnan [[#answer-1275097|said]]'' <blockquote> Please note: * this works in IE, Chrome and Firefox * it only Fails in firefox if the page is HTTPS and works successfully on HTTPS page </blockquote> Do you mean it fails if the page is HTTP (insecure)? Also, if you start the lines with * in your reply you can get a bulleted list.
Ingabe lokhu kube usizo kuwena?
Isicaphuno
Buza umbuzo

Kufanele ulogele ukungena ku-akhawunti yakho ukuze uphendule amaphosti. Uyacelwauqale umbuzo omusha, uma ungekabi nayo i-akhawunti namanje.