Okay, since NetIQ doesn't support NAM and IDM UserApp integration for
first-time expired passwords and challenge/response setup, I can only
come up with the following workaround:

On First Login, NAM is set up to detect expired password and sends user
to the UserApp change password.jsp. Do some re-writing to fix some
issues with the rewriter mangling the message and all is okay.

On SUBSEQUENT Login, I need NAM to check the eDir attribute of the user,
detect that the Challenge Response attribute is missing, redirect to the
UserApp Challenge/response page/questions, have the user answer them and
THEN redirect the user BACK to their original page that they were trying
to go to.

I'm sure this can be done, just not sure HOW the final redirect is

Any ideas/takers?
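As an added illustration (not from the original post, and not NAM or UserApp code), here is the "check attribute, bounce to setup, then bounce back" flow sketched as a small Python handler. The eDir attribute name, the UserApp setup path and the hostname are all placeholders the post does not supply; the point worth seeing is the return-to handling, which must only accept a local path, because a return-to parameter that is redirected to blindly is a classic open-redirect bug.

```python
from urllib.parse import urlencode, urlsplit, parse_qs

# Placeholder names: the post does not say which eDir attribute holds the
# challenge/response data or which UserApp page sets it, so these are assumed.
CHALLENGE_ATTR = "challengeResponseSet"   # hypothetical eDir attribute
SETUP_PATH = "/userapp/challenge-setup"   # hypothetical UserApp setup page


def needs_challenge_setup(user_attrs):
    """True when the user's directory entry has no challenge/response data."""
    return not user_attrs.get(CHALLENGE_ATTR)


def setup_redirect(original_path):
    """Build the redirect to the setup page, carrying the original target
    in a return_to query parameter so we can send the user back later."""
    return f"{SETUP_PATH}?{urlencode({'return_to': original_path})}"


def safe_return_target(return_to, default="/"):
    """Honour return_to only if it is a local absolute path.

    Absolute URLs, scheme-relative (//host) URLs, backslash tricks and
    relative paths all fall back to the default. Without this check the
    return_to parameter is an open redirect to any site an attacker names.
    """
    if not return_to:
        return default
    parts = urlsplit(return_to)
    if parts.scheme or parts.netloc:
        return default
    if not parts.path.startswith("/") or parts.path.startswith("//"):
        return default
    if "\\" in return_to:
        return default
    return return_to


def handle_request(user_attrs, path):
    """Subsequent-login check: if challenge/response is missing and the user
    is not already on the setup page, redirect them there."""
    if needs_challenge_setup(user_attrs) and not path.startswith(SETUP_PATH):
        return ("redirect", setup_redirect(path))
    return ("serve", path)


def return_to_from_setup_url(setup_url):
    """Recover the return_to value the setup page received."""
    query = parse_qs(urlsplit(setup_url).query)
    return query.get("return_to", [""])[0]


def complete_setup(user_attrs, answers, return_to):
    """Simulate the setup page storing the answers, then send the user back
    to a validated local target."""
    user_attrs[CHALLENGE_ATTR] = answers   # stands in for the eDir write
    return ("redirect", safe_return_target(return_to))


if __name__ == "__main__":
    # Constructed walk-through of one user with no challenge data.
    user = {}
    action, location = handle_request(user, "/app/report?id=7")
    print(action, location)
    back = return_to_from_setup_url(location)
    print(complete_setup(user, ["a1", "a2"], back))
    print(handle_request(user, "/app/report?id=7"))
```

The validator deliberately rejects anything that is not a single-slash local path; if the portal ever needs to return users to another host, add an explicit allow-list of hosts rather than loosening that check.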

