[acnt-mgt] stanza

Use the [acnt-mgt] stanza to configure the WebSEAL account management pages.

• account-expiry-notification
  Use the account-expiry-notification stanza entry to control how WebSEAL reports login failures caused by invalid or expired accounts.
• account-inactivated
  Use the account-inactivated stanza entry to configure the page that WebSEAL displays when a user with an inactive account tries to log in with the correct password.
• account-locked
  Use the account-locked stanza entry to configure the page that WebSEAL displays when a user authentication fails because the account is locked.
• allow-unauthenticated-logout
  Use the allow-unauthenticated-logout stanza entry to control whether unauthenticated users can request the pkmslogout resource.
• allowed-referers
  Use the allowed-referers stanza entry to specify which referrers can request management pages.
• cert-failure
  Use the cert-failure stanza entry to specify the page displayed if certificates are required and a client fails to authenticate with a certificate.
• cert-stepup-http
  Use the cert-stepup-http stanza entry to specify the error page that WebSEAL displays if a user attempts to increase the authentication strength level to certificate authentication from an HTTP session.
• certificate-login
  Use the certificate-login stanza entry to specify the login request form that WebSEAL uses for client-side certificate authentication.
• change-password-auth
  Use the change-password-auth stanza entry to control whether the user is automatically authenticated, if required, during a change password request.
• client-notify-tod
  Use the client-notify-tod stanza entry to control whether WebSEAL displays an error page if authorization is denied as a result of a POP time of day check.
• default-response-type
  Use the default-response-type entry to specify the response type of WebSEAL generated responses when the 'accept' and 'content-type' headers are missing from the request.
• enable-html-redirect
  Use the enable-html-redirect stanza entry to enable HTML redirection. We can use HTML redirection, in conjunction with some JavaScript code, to preserve the HTML fragment in the response.
• enable-local-response-redirect
  Use the enable-local-response-redirect stanza entry to enable or disable local response redirection. When local response redirection is enabled, the redirection is used for all local WebSEAL response types: login, error, informational, and password management.
• enable-passwd-warn
  Use the enable-passwd-warn stanza entry to configure WebSEAL to display a password warning form when it detects the REGISTRY_PASSWORD_EXPIRE_TIME attribute in the user credential at login. This attribute indicates the user password is soon to expire.
• enable-secret-token-validation
  Use the enable-secret-token-validation stanza entry to enable secret token validation, which protects certain WebSEAL account management pages against cross-site request forgery (CSRF) attacks.
• help
  
• http-rsp-header
  
• html-redirect
  
• login
  
• login-redirect-page
  
• login-success
  
• logout
  
• oidc-fragment
  Use this entry to define the page to be displayed during an OIDC implicit authentication flow.
• passwd-change
  
• passwd-change-failure
  
• passwd-change-success
  
• passwd-expired
  
• passwd-warn
  
• passwd-warn-failure
  
• single-signoff-uri
  
• stepup-login
  
• switch-user
  
• temp-cache-response
  
• too-many-sessions
  
• use-restrictive-logout-filenames
  
• use-filename-for-pkmslogout
  

Parent topic: Stanza reference