11-07-2016 11:48 AM
Hi team,
My customer plans to migrate to ISE and today they use the UCP feature in ACS to change enable passwords. Will this feature be included in ISE?
Thanks,
Diego
11-07-2016 12:37 PM - edited 06-27-2019 11:00 AM
Changing passwords in ISE portals is not available for external ID stores today (Active Directory).
Access the Command-Line Interface to Change the Enable Password would work for AD users, however.
Behavior
1. User logs in with old credentials.
2. After clicking the "OK" button, he is redirected to the "Change password" page. The "My devices" page is hidden.
3. After successfully changing the password, he gets an alert that the password change is complete. (Using the ISE browser, you will see the My Devices Portal in the background.)
4. After clicking the "Ok" button, he is redirected to the "Login" page.
After logging in again, the user goes through the same process over again.
There are 3 scripts, one for my devices and one for the password change page as well.
The password change functionality in ISE only works for internal user accounts and can be done via the Sponsor or My Devices Portals. ISE cannot change the enable password.
These steps will change the behavior of the My Devices Portal to send the user to password change immediately after they log in to the portal. The script automatically selects password change. After the user changes the password, there is no indication besides it returning the user to the My Devices page, where the user should sign out.
See this doc on working with JavaScript to understand how to use it.
Information on the script.
If you don't have this script, the user will have to select password change in the upper right of the portal. This hides everything from the user so they only go to the password change screen (you may briefly see the My Devices page if your delay value below is not correct and needs to be tuned).
2.4 my devices page script
<script>
$(document).on('pageshow', function() {
    // Hide the My Devices content so only the password change flow is visible
    $('.ui-panel-content-wrap').hide();
    var error = $('.cisco-ise-errors');
    var hasErrors = error.length > 0;
    // sessionStorage stores strings, so the flag is compared against "true"
    var passwordChanged = sessionStorage.getItem('passwordChanged') == "true";
    if (passwordChanged) {
        alert('Password has been changed successfully.');
        sessionStorage.setItem('passwordChanged', false);
        document.forms['logout'].submit();
    } else if (!passwordChanged) {
        document.forms['changePasswordPreLoad'].submit();
    }
});
</script>
Login Page Script
<script>
$(document).on('pageshow', function() {
    // Reset the flag every time the login page is shown
    sessionStorage.setItem('passwordChanged', false);
});
</script>
This is delay (200). If you have a slow ISE server, you should raise this delay to 500 or sometimes to 1000 (ms).
The reason for using this delay is for those who have a latent connection to the PSN.
Sometimes, when the page is loaded fast, you can see one button colour changing to another (when the PC is fast).
Please adjust to your liking.
On the change password page, put this in under Optional Content. This will log you out of the portal after you change the password so the user doesn't get in a loop going back to change password. It also presents a message after the password is changed to tell them
You will need to replace the portal ID below with the one from your My Devices Portal; this can be found in your browser URL bar.
portal=71180af0-e387-11e6-aeb1-005056873bd0
2.4 code script for change password
<script>
setTimeout(function() {
    sessionStorage.setItem('passwordChanged', false);
    // Cancel submits the logout form instead of returning to My Devices
    $('#ui_changepwd_cancel_button').attr('href', 'javascript:document.forms["logout"].submit()');
    // Record that a password change was submitted
    $('#ui_changepwd_submit_button').on('click', function(evt) {
        sessionStorage.setItem('passwordChanged', true);
    });
}, 1000);
</script>
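The flag hand-off between the three scripts above, replayed as a small model (an added example, not part of the original post and not Cisco's code). The in-memory storage stand-in, the page labels and the `simulate` function are assumptions made for illustration; the model shows why a portal without the change password page script keeps returning to the change password screen.

```javascript
// Stand-in for the browser's sessionStorage (assumption: like the real one,
// it stores every value as a string).
function makeStorage() {
  const data = new Map();
  return {
    setItem: (key, value) => data.set(key, String(value)),
    getItem: (key) => (data.has(key) ? data.get(key) : null),
  };
}

// Replays the portal flow; page names are hypothetical labels for this model.
// withChangePageScript=false models a portal missing the change password script.
function simulate(withChangePageScript, maxSteps = 8) {
  const storage = makeStorage();
  const visited = [];
  let page = 'login';
  for (let i = 0; i < maxSteps && page !== 'loggedOut'; i++) {
    visited.push(page);
    if (page === 'login') {
      storage.setItem('passwordChanged', false); // login page script resets the flag
      page = 'myDevices';
    } else if (page === 'myDevices') {
      // The stored value is the string "false", which is truthy, so the flag
      // has to be compared with "true" rather than tested directly.
      if (storage.getItem('passwordChanged') == 'true') {
        storage.setItem('passwordChanged', false);
        page = 'loggedOut'; // alert shown, then the logout form is submitted
      } else {
        page = 'changePassword'; // changePasswordPreLoad form is submitted
      }
    } else {
      // Change password page: only its script's submit handler sets the flag.
      if (withChangePageScript) storage.setItem('passwordChanged', true);
      page = 'myDevices'; // the portal returns to My Devices after the change
    }
  }
  return { visited, loggedOut: page === 'loggedOut' };
}

console.log(simulate(true));
console.log(simulate(false));
```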
11-07-2016 11:54 AM
There is no native User change password portal in ISE, but I have posted a way to make the My Devices Portal into a password change portal. This is for internal accounts and not for the enable password change. For a product feature request, please reach out to the ISE Product Managers internally through the account team.
ACS to ISE comparison
11-12-2018 02:18 AM
Hi, I have an ISE Version 2.4 patch level 3 for my customer and we should have the possibility that the user could change their password.
I tried to use this script, but with ISE 2.4 it does not work any more.
Does someone have an update for this script or another solution?
Thank you
04-22-2019 01:12 AM
Hi Jason,
This is really helpful and I'm now able to change the internal password through My Devices, but since My Devices needs a Plus license and my customer doesn't have a Plus license, do you have a guide that can instruct me in changing the user password through Sponsor?
Thanks in advance.
04-22-2019 07:21 AM - edited 11-01-2019 05:41 AM
We don't have a customization through the sponsor portal as it's too complex. The password change works the same. Just tell your users it will look like this.
Or you can create your own with API as seen in the customization section here:
https://community.cisco.com/t5/security-documents/ise-byod/ta-p/3641689#toc-hId-1174971897
01-19-2017 09:26 PM
Hi all, I have tried the same procedure; after the login page we got a blank screen. Please suggest how to get the change password page after the login page.
01-23-2017 07:12 AM
I updated the 1st script, please try that. Also, what browser and ISE version are you using, if there are still problems?
03-21-2017 09:50 AM
I followed your instructions, and everything through the first script works fine (step 7). The user is prompted to change password, the password gets changed, but then you see the "change password" screen again (the loop that was mentioned).
In an attempt to fix this loop, I added the 2nd script in the "change password page" under Optional Content1 by toggling the html button, and it broke the password change function. Now after the initial log in, the browser just hangs. I also tried it in optional content 2, with no difference. I am running ISE 2.1 and Firefox 52.0, 32 bit. How can I get this to work?
Thanks-
03-21-2017 04:34 PM
Jason,
Thank you for your reply! I have carefully cut and pasted the script, paying careful attention not to include extra spaces, and toggled the html screen. I tried numerous times but got the same result of the browser hanging. Then I tried omitting the following 2 lines:
var logoutUrl = $('.ui-popup-container .ui-btn-icon-right:nth-child(3) a').attr('href');
window.location = logoutUrl;
and it worked fine. I get the pop-up alert that says 'Password has been changed', and the change is successful when tested.
But then of course it takes you back to the previous screen. It still may be ok this way because at least the user gets the confirmation that their change was successful. It is probably useable this way, but I can't figure out why the logout part of the script is not working for me though.
Thanks!
v/r
Julie
03-22-2017 05:14 AM
I added a new script in the original reply at the end, please try it.
03-22-2017 09:17 AM
I will try the new script, but I started seeing "error loading page" messages on the password change page when trying to submit the password change. I have tried creating a new portal with only the first script and settings, and have tried stopping and restarting the ise app, but no luck getting past this error. I don't know why this has started appearing.
03-22-2017 09:25 AM
Is this with a clean portal and no JavaScript? If so, please work with TAC, sorry.
03-22-2017 09:28 AM
Yes, clean portal and just your first script. I will have to contact the TAC before proceeding with your new script. Thanks-
03-22-2017 09:30 AM
How about without any script?