Thursday, September 01, 2011

FIM 2010 R2 Beta: Changing the Web Based Password Reset Page After Install

First post on FIM 2010 R2 Beta…

FIM 2010 R2 provides a new based password reset option.  For more info on the feature, check out Anthony Ho’s post.

When you install the new Web Based Password Registration and Reset applications (web sites), you are asked if the site is an extranet site or not.  Specifying it as extranet tells FIM to present the additional QA Gate for added security.  However it isn’t readily apparent how to change it after install.  You can uninstall it and re-install it, but the reinstall forces you to go through the entire install for the FIM Service, Portal, etc.  Turns out there is an easier way.

Simply edit the web.config file for the application, which (by default) you can find at:

C:\Program Files\Microsoft Forefront Identity Manager\2010\Password Registration Portal

or

C:\Program Files\Microsoft Forefront Identity Manager\2010\Password Reset Portal

Edit the web.config file by changing this line:

<add key="SecurityContextAssertion" value="Extranet" />

Valid values are “Extranet” or “NoneSpecified”.

I had no problems editing this line and getting the change to take effect for the Reset page, but with the registration page, I continually got the Extranet QA Gate to answer.  I suspect that’s by design as I need to answer the questions for both QA Gates so that I am ready to reset from either option.