Password Interceptor issue

Which IIQ version are you inquiring about?

Version 8.4

Share all details related to your problem, including any error messages you may have received.

Hello Experts,

I am working on Password Interceptor. I noticed that IIQ is suddenly not detecting the updated password in AD. Earlier I noticed that the workflow gets triggered and fails, saying that the SetUpdate operation is not supported for Workday. Now no workflow gets triggered after updating the password in AD. Is this issue due to a Password Interceptor service failure?

Can you please help me on two things.

  1. How to resolve the Password Interceptor issue and what we could do from the IIQ side.
  2. How to exclude Workday from TargetApplication.

Just a few basic steps to start the investigation:

Is password interceptor installed on every domain controller? Maybe there is a new one and password changes are happening on that one.
Once you are sure that it’s installed on EVERY domain controller you should turn on the logging ( PwdClient.exe -l "3" ) on every domain controller. Then make a password change and you should see that change in one of the log files. If you don’t see it, it means that the interceptor is not working (one way to fix it is reinstalling). If you do see the password change in the log then communication of the interceptor with IIQ may be the problem and you should investigate that area.

Regards
Alek

2 Likes

Hi @niket345 in addition to what was mentioned by @aleksander_jachowicz here for your first question…

Here is the answer for the second one:

Instead of excluding the application, you can do the reverse (i.e. mention the applications where you want the password change to be propagated) in the “Password Intercept” workflow. To achieve the above, you need to do the following two things:

  1. In the Password Intercept workflow, there is a process variable “syncAll”. The value of this variable is true by default. First of all, set its value to false.

  2. There is another process variable “targetApplications” in the workflow. Provide the name of applications as CSV or list(string) to which we want to propagate the password change.

Please let me know if it helps.

Hi @niket345,

Answer to your first query:

There are two possibilities.

  1. The password filter dll is not loaded correctly: After the Active Directory Password Interceptor Service is installed, the Domain Controller must be restarted.
  2. IdentityIQ server information is not correct or a firewall is blocking HTTPS requests to the IdentityIQ server: Validate that the IdentityIQ URL, network path, ports, Active Directory application name and IdentityIQ admin credentials are correct. Add an exception for the appropriate port and server hosts in the firewall rules.

Answer to the Second query:
Sample information -

<Variable editable="true" initializer="false" name="syncAll">
  <Description>
    Set to true to enable full synchronization over all
    accounts.
  </Description>
</Variable>
<Variable editable="true" initializer="string:Oracle ERP" name="targetApplications">
  <Description>
    Set to a csv or List(String) of Application names that will be synchronized.
  </Description>
</Variable>
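
A read-only check covering the points raised in the answers above (interceptor present on every domain controller, DC restarted after install, DC able to reach IdentityIQ), added here as an example and not taken from SailPoint or from the posters. The host `iiq.example.com`, port 443 and the service display-name pattern are assumptions; the LSA `Notification Packages` value is the standard Windows list of registered password filters.

```powershell
# Added example. Run from an admin workstation with the ActiveDirectory module
# and PowerShell remoting enabled to the domain controllers.
Import-Module ActiveDirectory

$IiqHost    = 'iiq.example.com'          # placeholder: your IdentityIQ server host
$IiqPort    = 443                        # assumption: IdentityIQ is reached over HTTPS on 443
$SvcPattern = '*Password Interceptor*'   # assumption: service display name contains this text

# Every DC in the domain, so a newly promoted one is not missed.
$dcs = Get-ADDomainController -Filter * | Select-Object -ExpandProperty HostName

$report = foreach ($dc in $dcs) {
    try {
        Invoke-Command -ComputerName $dc -ErrorAction Stop -ScriptBlock {
            param($IiqHost, $IiqPort, $SvcPattern)
            $svc = Get-Service -DisplayName $SvcPattern -ErrorAction SilentlyContinue |
                   Select-Object -First 1
            # Password filter DLLs registered with LSA (loaded only at boot).
            $lsa = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa' `
                                    -Name 'Notification Packages'
            # TCP reachability only; this does not validate the URL or credentials.
            $net = Test-NetConnection -ComputerName $IiqHost -Port $IiqPort `
                                      -WarningAction SilentlyContinue
            [pscustomobject]@{
                DomainController = $env:COMPUTERNAME
                ServiceStatus    = if ($svc) { "$($svc.Status)" } else { 'not installed' }
                PasswordFilters  = $lsa.'Notification Packages' -join ', '
                LastBoot         = (Get-CimInstance Win32_OperatingSystem).LastBootUpTime
                IiqReachable     = $net.TcpTestSucceeded
            }
        } -ArgumentList $IiqHost, $IiqPort, $SvcPattern
    } catch {
        # Remoting failed: report the DC instead of silently skipping it.
        [pscustomobject]@{
            DomainController = $dc
            ServiceStatus    = "remoting failed: $($_.Exception.Message)"
            PasswordFilters  = $null
            LastBoot         = $null
            IiqReachable     = $null
        }
    }
}

$report |
    Select-Object DomainController, ServiceStatus, PasswordFilters, LastBoot, IiqReachable |
    Format-Table -AutoSize
```

A DC whose `LastBoot` predates the interceptor installation, or whose `PasswordFilters` column lacks the interceptor's filter, matches the first possibility in the answer above; `IiqReachable = False` matches the second.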

@niket345 - Thanks for marking my suggestion as the solution. It means a lot and motivates me to contribute more solutions in the future!
