CA API Gateway - 9.3

Change CA SSO User Password Assertion

Last update August 3, 2018

The Change CA Single Sign-On User Password assertion lets you change a user's password in the CA SSO user directory.

Using the Assertion

  1. Do one of the following:
    • To add the assertion to the Policy Development window, open the Assertions tab, go to Policy Assertions > Access Control Assertions, and drag and drop the Change CA Single Sign-On User Password assertion into the policy development window.
    • To change the configuration of an existing assertion, proceed to step 2 below.
  2. When adding the assertion, the Change CA Single Sign-On User Password Properties automatically appear; when modifying the assertion, right-click Change CA Single Sign-On User Password in the policy window and select Change CA Single Sign-On User Password Properties or double-click the assertion in the policy development window. 
    The assertion properties are displayed.
  3. Configure the properties as follows:

    | Setting | Description |
    | --- | --- |
    | Configuration Name | Specifies the CA Single Sign-On Configuration to use. This configuration is defined using the Manage CA Single Sign-On Configurations task. |
    | Domain Object ID | Specifies the object ID of the domain. This value can be set to ${<prefix>.smcontext.realmdef.domoid}, which is set by the Check Protected Resource Against CA Single Sign-On Assertion. |
    | Username | Specifies the username. |
    | Old Password | Specifies the old password. |
    | New Password | Specifies the new password. |
  4. Click OK.

Context Variable

If the assertion fails to change the user's password, it sets the following context variable:

| Context Variable | Type | Description |
| --- | --- | --- |
| reasonCode | integer | Specifies the change password failure reason code that is returned from CA SSO. |

The reasonCode context variable is set only if the SmDmsUser#changePassword(String newPassword, String oldPassword, boolean doNotRequireOldPassword) method in the DMS API fails. If the assertion fails for any other reason (for example, it cannot connect to the CA Policy Server or it cannot find the user in the user directory), the reasonCode context variable is not set, so policy logic that handles a failure cannot assume that reasonCode is present.


  1. Casey Gibson
    2018-09-13 06:21

    I am not seeing this assertion in the 9.3 Gateway. Am I missing something?

    1. Mark O'Donohue
      2018-09-26 10:12

      Hi Casey, it is added in Gateway 9.3 CR3 (search for DE361445 gives it)