Forgot Password Functionality for Domino
This application implements the “Forgot Password” functionality for Domino. This feature is available today for almost any Web application which try to reset the password by sending notification to registered mail address. However, if you forget your Domino Webmail/Notes Client password, then you need to contact Administrators to reset the password.
If the Organization has set the policy to change the passwords after every 60/90 days, then the password reset requests are more often. For a large Customer, we observed that around 60% Support requests are meant for Password Reset for Notes Client/Web Mail.
This tools aims at minimizing such Support Calls by encouraging users to Register for Self Password Reset application. Users need to do one time registration and set their secret questions and answers. Once registered, users can use this application to Reset their Webmail/Notes Client passwords without engaging the Support team.
Features of application:
- Reset password for both HTTP and Notes client (via ID Vault) in a single step.
- Front end application only consists of XPages design elements with total separation from data.
- No direct access to data via web interface/domino URL
- Secret answers secured with MD5 encryption.
- Forced authentication for Registering/editing the profile.
- Used single XPage for password reset wizard with efficient use of Dynamic content control. Browser back button send use back to the start of wizard. Therefore, application having full control of flow.
- Lockout of Accounts and preventing unauthorized attempt to reset password. If tried to answer incorrectly more than 5 times. Lock-out is cleared automatically after defined interval via a Scheduled agent.
- ID Vault should be configured and installed.
- The Signer ID should have access to run XPages application and Password Reset Authority in ID Vault.
It consists of two NSF files:
Front-End Application: The XPages frontend and the other one to store use profiles.
The first database contains configuration information to connect to second db. No other data is stored in it. It contains all the XPages design elements and is available for anonymous access use.
Back-End Data Storage Application: The second database contains all the registered user's profile documents. This database has no URL access and is only accessible by the front-end XPages interface. This approach avoids all URL based quirks to access data in NSF file. The user profile stores questions and secret answers as selected by user. The data is stored with MD5 hashing to ensure even administrators can't get access to user's personal information.
Step 1: Register your profile one time to select three questions from a admin defined list of questions. Provide easy to remember answers for the selected questions.
Step 2: If you have forgotten your password, then go to the application and proceed with password reset wizard.
- It will ask first to verify email address
- If the use profile is found for the entered email I'd, the application will prompt to provide answers for 3 questions.
- If the answers match with the stored one in profile, user is allowed to provide new password.
- The final screen provides confirmation message with results of password change process.
- Download the application from project Download section and unzip on local machine.
- Copy the two NSF files to your Domino Server’s Data Directory.
- Sign the two databases with ID which has got rights to change password in ID Vault and can run XPages application on Server.
- Open the resetpwd.nsf database in Notes Client and Modify the settings in Keywords view.
n DATA_DB_PATH keyword specifies the path of ForgotPasswordData.nsf database. Please ensure a double “\\” to be added to path.
n The other settings specify the Domino Server names where ID Vault is located and where we would like to change the HTTP Password.
n Few sample questions which can be easily customized in the QuestionList Keyword.
- Open the application resetpwd.nsf via Web Browser and check if it’s displaying the application HomePage.
- Try to register a user’s profile and then try to reset the password for the same user.
- The final screen will show status message of password change for HTTP and ID Vault. Fix the permission issues if any with ID Vault.
- Enable the Scheduled agent to Run on Server to UnBlock the profiles. This agent unlocks all such profile which were locked due to multiple failed attempts to reset the password. This is to avoid any person randomly trying to reset the password.
- Change Logos, Banner and Company Name in ccAppLayout Custom Control.
Let me know if any specific functionality is required to be added to the application.