av25474

password change in first login

Discussion created by av25474 on Jun 23, 2016
Latest reply on Apr 17, 2017 by Alberto Ruiz

Hi all,

 

In our institution we have two kinds of users, in relation with their authetication method. For those users that use the "Learn default" authentication, we would like to force them, to change their passwords in the first login to Blackboard, due to security reasons. Anyone else have a similar issue?

 

We are trying to add this functionality in the login page (webapps/login/login.jsp), catching the user_id and password before it is send to the platform, and, trying to check some points: Validate user/password using our code, and if they are correct, check the user.getLastLoginDate() . But we are stuck in the first point

There is a user.getPassword() method that returns a string like this:

{SSHA}HmacSHA512:SHA-512:3000:aZSbcYNpD9nbP/WbKLaY/ERyQq5PRarG+y7q7CoM/o7UNMCDHUbgEH+AOSTPwyjXONsZYqJRq3B6MBvknw+UMg==:06iYIyAzgXNmidlpZ/cYzjwyBDzuJT2ZZkprh78KPSAxTk0Il2cvEl0cF2SuELUnIQ9puXC2k/F0l71/GbApng==

 

Is there a method to generate this string using the "password" field introduced by the user. Our idea is compare both strings and if they matches, go ahead with the next steps..

 

Or, maybe is there other method totally different, in order to force a user to change his password?

 

 

Regards,

Alberto Campos

Outcomes