How to customise the Self-Service Portal password tooltip

Overview

The Authlogics Self-service portal (SSP) includes functionality for users to reset their Active Directory passwords that conform to NIST compliant standards defined in Special Publication 800-63B.

As a user enters their new password, a tooltip is displayed to help guide them in choosing an appropriate password. The tooltip has been designed to work on desktop browsers as well as mobile devices. This article describes how an administrator can choose which policies are visible to the users and customise the wording displayed.

The tooltip is not intended to provide comprehensive validation, it is intended as a guide for the user. Full validation is performed once the user has submitted the password.

Performing the Customisation

The tooltip for the SSP is configured in the C:\Program Files\Authlogics Authentication Server\wwwroot\Assets\js\config.js on the Authlogics Authentication Server. This file can be edited using Notepad. If multiple Authlogics Authentication Servers are deployed the updated file must be copied to all server instances.

By default, the config file has been configured to provide the most common and useful policy feedback to the user in line with the standards defined in NIST Special Publication 800-63B, however, these can be changed to suit your requirements.

NOTE: Please ensure that you have a backup of the config.js file prior to making any changes. When modifying, it is important to keep all existing syntax. The corruption of this file may make the SSP inoperable.

 

Policies available to the Tooltip

NOTE: For detailed information on the policies, please refer to the Authlogics Password Policy Agent Installation and Configuration Guide.

  • AllowUsername
  • DisableSharedPasswordProtection
  • DisableOnlineBreachDatabase
  • DisableCustomBlacklist
  • DisallowMonthAndDay
  • DisallowSpaces
  • DisallowNumericOnlyChanges
  • DisallowFirstOrLastNumeric
  • MaxAllowedUsernameCharacters
  • MaxLength
  • MaxRepeatingChars
  • MaxConsecutiveRepeatingChars
  • MaxSequentialChars
  • MaxSequentialKeyBoardChars
  • MinLength
  • MinLowerCaseChars
  • MinNumericChars
  • MinSpecialChars
  • MinUnicodeChars
  • MinUpperCaseChars

The config.js file contains two keys used by the browser to determine the configuration of the tooltip. Policy Display Order determines the display order of the policies starting from top to bottom.

policyDisplayOrder: ["MaxSequentialKeyBoardChars","MinLength", "MaxRepeatingChars"]

In the example above, the policies are specified with the square brackets and double quotes separated by a comma (conforming to JavaScript array initialisation syntax). Policies not specified in the policyDisplayOrder field will be displayed below those listed.

The Validation key has a list of subkeys which relate directly to the configuration of each policy.

 

Below is an example of the configuration for the MaxSequentialChars policy:

            MaxSequentialChars: {
                disabledValue: 0,
                text: "No more than {value} characters in a sequence (e.g. abcde)",
                errorOnly: true
            },

In the case above, the name of the check is MaxSequentialChars which determines the maximum number of times a sequence of characters can be used within a compliant password.

The following table shows the options per check:

Name

Description

Value

Editable

(key)

The name of the check. MaxSequentialChars in this example

 

No

disabledValue

What is the default value to determine whether a check is enabled or disabled

 

No

text

The description displayed in the Password tooltip as a user enters a new password.

Free form text that can be customised. {value} is a placeholder for the policy sent to the tooltip.

 

The {value} placeholder accepts the following

{value}, {value+1} or {value-1} options where the policy defined number or 1 above or 1 below can be displayed.

Yes

errorOnly

When set to true, the check will not be displayed in the tooltip and the results of the check will only be visible after a user tries to submit the new password.

true/false

Yes

NOTE: All configurable values are case-sensitive. Please ensure you conserve the case as per this documentation.

Applying changes

To apply the changes, open an Administrator Command prompt on the Authlogics Authentication Server and run the iisreset command to refresh the Self-service portal web site and load the newly configured JavaScript file.

Thereafter, please log out of the SSP and restart the browser.

Server-Side Password Validation

Full validation of the new password is done by the server once the change button has been clicked. If there are any validation errors the reason will be supplied to the user:

 

 

 

 

Have more questions? Submit a request

0 Comments

Please sign in to leave a comment.