Password Reset Plugin

Password Manager Pro primarily provides out-of-the-box support to enforce automatic remote password reset for a wide range of commonly used resource types such as Windows local accounts, Windows domain accounts, Linux root accounts, etc. In addition to this, the Password Reset Plugin feature enables you to add your own implementation class and enforce automatic password resets for resources that are not supported by Password Manager Pro out-of-the-box such as legacy resource types, in-house applications, etc.

With the plugin, you can also leverage access control for legacy accounts and enable automatic reset of passwords instantly upon usage. This way, the passwords of these accounts will serve as one-time passwords that are reset after every use via the associated plugin.

How does a password reset plugin work?

Password Reset Plugin is primarily an implementation class that an administrator has to manually add in Password Manager Pro. The plugin can be invoked from Password Manager Pro server to connect to a remote resource and carry out a password reset. Password reset plugins can be configured individually for resources that are of user-defined resource types.

When you trigger a password reset for a resource belonging to a custom resource type with which a password reset plugin has been associated, PMP will invoke the interface methods of that plugin. Once invoked, the plugin will first connect to the remote resource and try to reset the password of the resource. If the remote password reset is successfully completed by the plugin, PMP will subsequently update the new password in its repository. In addition to this, the plugin helps you verify whether the password of a remote resource is in sync with the one saved locally in PMP's repository.

Who can add password reset plugins?

Password Reset Plugins can be added only by users with either the default administrator roles or custom roles that are provisioned with the "Manage Password Reset Plugin" scope under the operation category, "Custom Settings." Besides, all plugins added should also be approved by a second administrator to guard against potential risks associated with invoking arbitrary plugins.

Approving a recently added password reset plugin:

If you are an administrator, and another administrator requests you to approve the addition of a password reset plugin, you need to:

  • Navigate to Admin >> Customization >> Password Reset Plugin.
  • Click the link under Approval Status column, beside the plugin which has to be approved.

Plugin creation, modification, deletion, and approval events are all audited for future reference.

How to add a password reset plugin?

Summary of steps:

  1. Create your implementation class
  2. Compilation
  3. Implementation tips
  4. Configurations in Password Manager Pro installation

Step 1: Create your implementation class.

Write a Java class that implements the RemotePasswordReset interface:

    import java.util.Properties;

    public interface RemotePasswordReset
    {
        public boolean changeRemotePassword(Properties resetProps) throws Exception;
        public String getErrorMessage() throws Exception;
        public boolean verifyRemotePassword(Properties verifyProps) throws Exception;
        public boolean isDeviceAvailable(Properties verifyProps) throws Exception;
    }

Implementation description:

    // This interface provides the methods to implement a password reset plugin. Your class needs to implement it.
    public interface RemotePasswordReset
    {
        /**
         * Actual function that will be called whenever the "change remote password" functionality is triggered.
         * @param resetProps will contain all the details regarding the account for which password reset is triggered.
         * @return Final output that will be sent to the PMP server.
         *         true  - Success case. Allows the operation to proceed.
         *         false - Failure case. Denies the operation to proceed.
         */
        public boolean changeRemotePassword(Properties resetProps) throws Exception;

        /**
         * Used to display the error message while doing the remote password reset and verification operations.
         * The output gets reflected in audit trails.
         * @return null if the password reset is successful. Otherwise, a proper error message.
         */
        public String getErrorMessage() throws Exception;

        /**
         * This function will be called whenever the "verify remote password" functionality is triggered.
         * @param verifyProps will contain all the details regarding the account for which "verify remote password" was triggered.
         * @return Final output that will be sent to the PMP server.
         *         true  - Success case. Allows the operation to proceed.
         *         false - Failure case. Denies the operation to proceed.
         */
        public boolean verifyRemotePassword(Properties verifyProps) throws Exception;

        /**
         * This function will be called before the "verify remote password" function to check the accessibility
         * of the device for which verify password was triggered.
         * @param verifyProps will contain all the details regarding the account for which "verify remote password" was triggered.
         * @return Final output that will be sent to the PMP server.
         *         true  - Success case. Allows the operation to proceed.
         *         false - Failure case. Denies the operation to proceed.
         */
        public boolean isDeviceAvailable(Properties verifyProps) throws Exception;
    }

Step 2: Compilation

Compile the class with the following JAR files, found in the <PMP_HOME>\lib folder, on the classpath:

  • AdventNetPassTrix.jar
  • json_simple-1.1.jar

For example:

    javac -d . -cp AdventNetPassTrix.jar;json_simple-1.1.jar; JiraServerResetImplementation.java    (for Windows)
    javac -d . -cp AdventNetPassTrix.jar:json_simple-1.1.jar JiraServerResetImplementation.java     (for Linux)

Step 3: Implementation Tips

You can implement your class in such a way that properties of resources (resources and accounts in PMP) are obtained as arguments. You may obtain the value of any property from the list of keys listed below.

resetProps.get("RESOURCEID");

Returns a Long object of the resource ID.

resetProps.get("ACCOUNTID");

Returns a Long object of the account ID.

resetProps.get("OLDPASSWORD");

Returns a String object of the account's old password.

resetProps.get("NEWPASSWORD");

Returns a String object of the account's new password that has been set.

resetProps.get("RESOURCENAME");

Returns a String object of the resource name.

resetProps.get("DNSNAME");

Returns a String object of the resource's DNS name.

resetProps.get("ACCOUNTNAME");

Returns a String object of the account name.

resetProps.get("OSTYPE");

Returns a String object of the resource's OS type.

resetProps.get("NOTES");

Returns a String object of the notes present under the account details.

resetProps.get("LOGINNAME");

Returns a String object of the login name of the user who initiated the password reset.

resetProps.get("IPADDRESS");

Returns a String object of the IP address of the resource.

resetProps.get("RESOURCEDETAILS");

Returns a ResourceDetails object that contains all other details of the resource.

Step 4: Configurations in Password Manager Pro installation

  1. Before you add a password reset plugin for a resource type that is not already present in Password Manager Pro, you need to add the resource type by navigating to Admin >> Customization >> Resource Types >> Add.
  2. After adding the resource type, add the plugin in Password Manager Pro by navigating to Admin >> Customization >> Password Reset Plugin.
  3. Click on the Add Password Reset Plugin tab.
  4. In the dialog box that opens, give a suitable name to your plugin beside Plugin name field.
  5. Specify the name of the Implementation Class, for example, com.manageengine.helpdesk.JIRASecretResetPlugin.
  6. Choose the Resource Type for which you want to use the plugin to reset the associated resource passwords. This dropdown will list all the custom resource types in Password Manager Pro.
  7. Send Approval Request to another administrator from the dropdown; an email will be sent to them regarding the approval request. In addition to this, all the administrators apart from you will be notified of the request, and any of them can approve it by navigating to Admin >> Manage >> Password Access Requests.
  8. After the approval, this plugin will be invoked whenever you trigger remote password reset for the associated resources of the custom resource type.

For further information, refer to this sample implementation class created to reset the user account passwords of Jira Service Desk. You can implement this code in the password reset plugin and reset the passwords of Jira Service Desk.
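
As an added illustration of Steps 1 and 3 (not the Jira sample referred to above and not ManageEngine's code), the following plugin resets the password of a hypothetical in-house application over HTTPS. The class name, port, endpoint paths and form field names are assumptions, as is reading the stored password from OLDPASSWORD during verification; the import of RemotePasswordReset is left as a comment because its package is not given on this page. Java 7 or later is assumed.

```java
import java.io.OutputStream;
import java.net.*;
import java.util.Properties;
// Also import RemotePasswordReset from AdventNetPassTrix.jar; its package is not given on this page.

public class InHouseAppResetPlugin implements RemotePasswordReset {
    private static final int PORT = 8443;        // assumed HTTPS port of the hypothetical application
    private static final int TIMEOUT_MS = 10000;
    private String errorMessage;                 // shown in audit trails, so never put a password in it

    public boolean changeRemotePassword(Properties resetProps) throws Exception {
        return post(resetProps, "/api/password/change", "old=" + enc(resetProps.get("OLDPASSWORD"))
                + "&new=" + enc(resetProps.get("NEWPASSWORD")));
    }
    public boolean verifyRemotePassword(Properties verifyProps) throws Exception {
        // Assumption: the stored password arrives under OLDPASSWORD; the page lists keys for resetProps only.
        return post(verifyProps, "/api/password/verify", "old=" + enc(verifyProps.get("OLDPASSWORD")));
    }
    public boolean isDeviceAvailable(Properties verifyProps) throws Exception {
        try (Socket s = new Socket()) {          // TCP connect with a timeout as the reachability check
            s.connect(new InetSocketAddress((String) verifyProps.get("DNSNAME"), PORT), TIMEOUT_MS);
            errorMessage = null;
        } catch (Exception e) {
            errorMessage = "Resource unreachable on port " + PORT;
        }
        return errorMessage == null;
    }
    public String getErrorMessage() throws Exception { return errorMessage; }

    // Sends the form over HTTPS with default certificate validation; only HTTP 200 counts as success.
    private boolean post(Properties p, String path, String secretFields) {
        errorMessage = null;
        try {
            HttpURLConnection c = (HttpURLConnection)
                    new URL("https", (String) p.get("DNSNAME"), PORT, path).openConnection();
            c.setConnectTimeout(TIMEOUT_MS);
            c.setReadTimeout(TIMEOUT_MS);
            c.setDoOutput(true);                 // sending a body makes HttpURLConnection issue a POST
            try (OutputStream out = c.getOutputStream()) {
                out.write(("user=" + enc(p.get("ACCOUNTNAME")) + "&" + secretFields).getBytes("UTF-8"));
            }
            if (c.getResponseCode() != 200) errorMessage = "HTTP " + c.getResponseCode() + " from " + path;
        } catch (Exception e) {
            errorMessage = "Request to " + path + " failed: " + e.getClass().getSimpleName();
        }
        return errorMessage == null;
    }
    private static String enc(Object v) throws Exception {
        return URLEncoder.encode(String.valueOf(v), "UTF-8");
    }
}
```

Because the getErrorMessage() output is reflected in audit trails, the messages carry only the path, HTTP status or exception class, and the passwords travel in the request body rather than the URL.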

©2014, ZOHO Corp. All Rights Reserved.
