Forum Discussion
Cody_Green
Dec 03, 2014
Employee
Hi Cristian,
Another option would be to use the pool select option in the APM VPE versus redirecting the user. This would switch the resource pool to the change password server, and you could then use a WebSSO method to provide the username to the backend application. Once the user updates their password, you would issue a log off event and have them log in with their new credentials.
The advantage to this over the redirect is that any username in the cookie, POST header, or GET URI could be intercepted and modified. With this option you can use the multifactor authentication capabilities of APM and send a one-time password to the user that must be verified before they can access the change password site.
Just a thought...
Cody