Dear all,

We have a configuration with NAM that includes an IDS and an
AG with Service Provider that uses SAML2.0. We have configured SSPR 3.0
that uses Identity injection on http header.

We have an issue with our IDP customized login page. We try to do some
controles on password expiration (request on eDir if password expiration
meet our condition) and pin-up a message with two links :

- The first one redirects user to self-service password reset (SSPR
- The second lets user continue authentication process normally.

When users with soon expired password try to go on the webapp through
the SP, they are redirected to IDP login page and then the message with
the two links appears but when clicking on both links this redirects
users to the webapp main page.

In the other side, when we use a soon expired password account to
authenticate directly on the IDP login page, the first link redirects to
SSPR page and the second let the authentication process continue

For users with soon expired password, we redirect (try to redirect) them
to sspr page by changing "target" parameter to sspr page URL and submit
the form.

Is there anybody who try to do something similar or have the same issue.
Thank you.

bamira's Profile:
View this thread: