Using different password change page after login
04-24-2017 04:31 AM
When users are required to reset their password on login, the system redirects them to login_cpw.do
However, we have a Self-Service Password Change process defined which uses $pwd_change.do
Does anyone know how to use this process at login instead of login_cpw.do? Simply overriding login_cpw to $pwd_change would do the trick but I can't find where to do that.
The reason is that the two use different password strength rule code. $pwd_change uses the Credential Store rules and login_cpw uses the ValidatePasswordStronger Installation Exit. The two systems look and work independently of each other.
05-22-2017 05:53 PM
Hey Phil,
I tried doing this myself. It turns out that login_cpw.do pulls down the global UI Scripts, so I thought, great, this is easy, and added this script to perform a simple redirect:
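    (function () {
        // Target page: the Self-Service Password Change form.
        var url = '$pwd_change.do';
        // Only act when the browser is on the forced password change page.
        if (window.location.pathname.indexOf('/login_cpw.do') > -1) {
            jslog('redirecting to ' + url);
            window.location = url;
        }
    })();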
This worked. And didn't.
It turns out that ServiceNow force a redirect back to login_cpw.do! That's a 302 redirect you can see below coming from $pwd_change.do.
However, I did find a workaround:
1. Add a custom 'Password needs reset' checkbox to the User table and hide the original one - don't use it.
2. Modify your reset policies to use the new field.
3. Use a custom page (Content Management) to redirect to the $pwd_change page.
Page layout:
Page:
4. Add a Login Rule that checks if the custom 'Password needs reset' is true and then direct to your redirect page.
A couple of points:
- I've only checked this with the standard sign-in approach.
- There are definitely drawbacks (such as the fact the user could circumvent the password reset by just changing the URL), but it may work for what you need and you can probably add more checks to ensure the user does reset their password.
Cheers!
James
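Added example, not part of James's post and not ServiceNow code: a platform-neutral model in plain JavaScript of the drawback he mentions, comparing a redirect decided only at login with a server-side check made on every request. The function names, the `passwordNeedsReset` flag and the sample paths are assumptions made for illustration.

```javascript
// Platform-neutral model, not ServiceNow API. All names are hypothetical.
const RESET_PAGE = '/$pwd_change.do';
// Paths a user with a pending reset may still reach (constructed list).
const ALLOWED_WHILE_PENDING = new Set([RESET_PAGE, '/logout.do']);

// Weak: the redirect is decided once, at login, the way a login rule would.
function loginOnlyRedirect(user, event, path) {
  if (event === 'login' && user.passwordNeedsReset) {
    return { status: 302, location: RESET_PAGE };
  }
  return { status: 200, path };
}

// Stronger: every request is checked against the flag on the server side.
function perRequestGate(user, event, path) {
  const pathname = path.split('?')[0]; // ignore the query string when matching
  if (user.passwordNeedsReset && !ALLOWED_WHILE_PENDING.has(pathname)) {
    return { status: 302, location: RESET_PAGE };
  }
  return { status: 200, path };
}

// The flag is cleared only by a successful password change, never by navigation.
function completePasswordChange(user) {
  user.passwordNeedsReset = false;
}

// Constructed session: log in, then request a different URL directly.
function simulate(gate) {
  const user = { name: 'demo.user', passwordNeedsReset: true };
  const steps = [['login', '/login.do'], ['navigate', '/incident_list.do']];
  const before = steps.map(([event, path]) => gate(user, event, path).status);
  completePasswordChange(user);
  const after = gate(user, 'navigate', '/incident_list.do').status;
  return { before, after };
}

console.log('login-only :', simulate(loginOnlyRedirect));
console.log('per-request:', simulate(perRequestGate));
```

With the login-only rule the second request is served normally while the reset is still pending; with the per-request gate it is sent back to the reset page until the password change completes.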
05-23-2017 09:54 AM
Hi James
Good to hear from you again...
I'll try out the ideas you've posted. It's not extremely crucial but would have been nice to use the Password Reset version as it's slicker, and also not have to maintain password strength rules in separate areas. It's all come up because we've upgraded to Istanbul and I had to do a bit of work on the Password Reset processes.
But oh well, it will depend how far we want to go to achieve this.
06-02-2017 01:15 PM
Phillip,
We are glad you took advantage of the ServiceNow Community to learn more and to get your questions answered. The Customer Experience Team is working hard to ensure that the Community experience is most optimal for our customers.
If you feel that your question was answered, we would greatly appreciate if you could mark the appropriate thread as "Correct Answer". This allows other customers to learn from your thread and improves the ServiceNow Community experience.
If you are viewing this from the Community inbox you will not see the correct answer button. If so, please review How to Mark Answers Correct From Inbox View.
Thanks,
Shivani Patel
06-27-2017 03:06 AM
This may need to turn into an enhancement request if it is confirmed that there is no way to override the login screen from redirecting users to "login_cpw.do" when they need to change their password on login.
The method James provided is a helpful alternative method; however, there is not enough of a problem for us to implement it this way.
It would be better if the login screen was able to use "$pwd_change.do" to change the password rather than "login_cpw.do" and that question remains outstanding.