'Forgot password' function
By default, the login dialog of Lobster Data Platform / Orchestration shows a Forgot password? link (1), which allows authorized users who have forgotten their password to regain access to the system without the assistance of an administrator.
This procedure is available provided that the user account in question is active and not configured for LDAP authentication:
The user clicks on the Forgot password? link in the login dialog.
Users identify themselves by entering their Username and an E-Mail address stored as information in their user account.
Event handling configured by the administrator sends an e-mail to the stored address. This e-mail provides a token (see the section 'Assign new password') together with instructions for changing the password.
The user applies this token to set a new password without having to enter the previous one.
Details of the procedure are described in the following sections. For configuring the event handling, see Configure the 'Forgot password' function.
The functionality (or the display of the link in the login dialog) can be globally deactivated if required (see Deactivate the 'Forgot password' function).
Request password change
After clicking on the link, the user is asked to enter a Username and an E-mail address.
The Send button (3) is only activated when the user name is specified and the E-mail field contains a formally valid e-mail address.
A click on Send triggers the following checks:
Check | Behaviour in case of error
--- | ---
A user account with the specified Username exists? | Message 'Username and e-mail address cannot be assigned' if the username does not exist.
This user account is active? | Message 'The user is not active' if the account is not active.
The specified E-mail address is stored as communication information in the user account? | Message 'Username and e-mail address cannot be assigned' if the specified e-mail address is not stored.
The user account is NOT configured for LDAP authentication? | Message 'The specified user is authenticated to an LDAP service. (...)' if the user account is configured for LDAP.
If all checks pass, the event Passwort / Reset angefordert (password reset requested) is triggered. A specific event handling for this event (see Configure the 'Forgot password' function) must be stored, which ensures that the user receives an e-mail with a token for the password change.
Assign new password
The password change by token is accessed by extending the URL used to reach Lobster Data Platform / Orchestration with the parameter pwdRequestToken, whose value is the character string of the token. A link with this combination can already be provided in the e-mail as a clickable link.
Example: https://scm_portal.[...].com?pwdRequestToken=MTY4amZyZHhqa2x5ayMxNTM2NTY8QTg3MDA0I0tJTExNRTI%3D
A link like this can also be formatted more appropriately in the e-mail via HTML:
When clicking on the link (formatted as a marked button in the example) the Lobster Data Platform / Orchestration client starts with the parameter pwdRequestToken and the token is checked for validity.
A token issued for the password change becomes invalid...
... when it is used to change the password.
... if it is not used within 24 hours of issue.
... if a token is requested again for the same user account.
If a token is invalid or no longer valid, this is indicated by a popup (1) and a message (2).
With a valid token, the prompt to change the password appears immediately:
The user must repeat the new password (1) to prevent typing errors (2).
If both values match, the Send button (1) becomes active, and the password change can be completed.
After setting the password, a confirmation message is displayed and the user can now log in with the new password.
►IMPORTANT◄ If the password change is aborted, the token remains valid and the link can be used again later as long as it is not invalidated by other factors mentioned above. In this respect, aborting the password change at a workstation shared with other users can represent a security risk if the link with the token becomes accessible to others, e.g. via the browser history.
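As an added illustration (not Lobster's own code), the following Python model implements the request checks from the table above together with the token rules listed under 'Assign new password': the shared message for an unknown username and an unstored e-mail address, the link carrying pwdRequestToken, the 24-hour limit, invalidation when a new token is requested, single use, and the fact that an aborted change leaves the token valid. The user store, token store and function names are constructed for this example.

```python
import secrets
from urllib.parse import urlencode

TOKEN_LIFETIME = 24 * 3600  # seconds: a token not used within 24 hours of issue expires
# Same message for "unknown user" and "e-mail not stored" (as in the table), so it does not reveal which failed.
MSG_UNASSIGNABLE = "Username and e-mail address cannot be assigned"
MSG_INACTIVE = "The user is not active"
MSG_LDAP = "The specified user is authenticated to an LDAP service."
# Constructed sample user store (hypothetical layout, not Lobster's own data model).
USERS = {
    "alice": {"active": True, "ldap": False, "email": "alice@example.com", "password": "old"},
    "bob":   {"active": False, "ldap": False, "email": "bob@example.com", "password": "old"},
    "carol": {"active": True, "ldap": True, "email": "carol@example.com", "password": None},
}
TOKENS = {}  # username -> (token, issued_at); at most one outstanding token per account

def request_reset(username, email, now):
    """Run the four checks from the table in order; return (error_message, token)."""
    user = USERS.get(username)
    if user is None:
        return MSG_UNASSIGNABLE, None
    if not user["active"]:
        return MSG_INACTIVE, None
    if email.strip().lower() != user["email"].lower():
        return MSG_UNASSIGNABLE, None
    if user["ldap"]:
        return MSG_LDAP, None
    token = secrets.token_urlsafe(32)
    TOKENS[username] = (token, now)  # requesting again replaces (invalidates) the previous token
    return None, token

def reset_link(base_url, token):
    return base_url + "?" + urlencode({"pwdRequestToken": token})  # link carried in the e-mail

def find_token(token, now):
    """Return the username owning a currently valid token, or None."""
    for username, (stored, issued_at) in TOKENS.items():
        if secrets.compare_digest(stored.encode(), token.encode()) and now - issued_at <= TOKEN_LIFETIME:
            return username
    return None

def complete_reset(token, new_password, repeated, now):
    """Consume the token only when the change succeeds; an aborted change leaves it valid."""
    username = find_token(token, now)
    if username is None:
        return "Token is invalid or no longer valid"
    if new_password != repeated:
        return "Passwords do not match"  # token stays valid, as the note above warns
    USERS[username]["password"] = new_password
    del TOKENS[username]  # single use: the token is invalidated on success
    return None
```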