PWM – Open Source Password Self Service with OpenLDAP – User Interface – Account Information

PWM – Open Source Password Self Service with OpenLDAP – User Interface – Account Information

When we login in PWM, we get the following screen.  The next option to discuss here is ‘Account Information’ option.  ‘Account Information’ provides information about our password and password policies. This option is useful, if we wish to review password policies, account details or password history.

Click on ‘Account Information’ in the above screen, and we get the following screen.  The screen below shows three tabs.  First tab is Account Information that shows various attributes as described below:

  • Username: The current user login name.
  • Password Expired: It is a flag that is True is the password has already expired and false otherwise.
  • Password Pre-Expired: It is a flag that is True, if the password expire time is within the ‘preExpireTime’ setting and false otherwise.
  • Within Warning Period: It is the period during which PWM warns the user that the password is going to expire in near future.
  • Violates Password Policy: If the password is not as per Password policy, and it is set from outside PWM, this flag will show if password confirms to Password Policy or not.
  • Password Set Time: It is the timestamp when the password is set for this user.
  • Password Set Time Delta: It calculates the time difference when the password is set with respect to current time.
  • Password Expiration Time: It is the date and time when the password is set to expire.
  • Responses Stored: It is a flag that is true if the security responses are stored for this logged in user and false otherwise.
  • Stored Responses Timestamp: It is the timestamp when the security responses are stored for the user.
  • Network Address: It the IP of the machine and for this test machine it is 192.168.0.110
  • Network Host: It is the hostname of the machine.
  • Logout URL: If Logout URL is defined in ‘Configuration Manager’ of PWM, it shows what is configured as Logout URL.  It is to set a destination url when user logs out of PWM.
    URL to redirect user to upon logout. If the site is being accessed through a web authentication gateway, the Logout URL should be set to the gateway’s Logout URL. If you are using a gateway and do not include the proper logout URL here, then users will almost certainly get authentication errors, intruder lockouts and other problems. If things are working properly then the user should see the gateway logout screen when logging out.
    The Logout URL can be set to any desired relative or absolute URL. At the time the user’s browser requests this url, the local session will have already been invalidated.
    This setting can always be overridden for any given user session by adding a logoutURL parameter to any HTTP request during the session.
  • Forward URL: If Forward URL is defined in ‘Configuration Manager’ of PWM,, it shows what is configured as Forward URL. After completing any activity which does not require a logout, the user will be forwarded to this url.
    This setting can always be overridden for any given user session by adding a forwardURL parameter to any HTTP request. If blank, the user will be forward to the application menu.

The Password Policy tab shows the password policy that is currently set using Configuration Manager settings in PWM.  This policy may be defined as Local policy or LDAP policy or a combination of both.  The rules that are enforced by this password policy are shown in the following figure:

The Password History tab shows timestamps for different events as shown in the following figure.  These events are:

  • Authentication
  • Create Account
  • Authentication
  • Setup Password Responses
  • Change Password
  • Authentication
  • Update Attributes


Back to PWM – Open Source Password Self Service with OpenLDAP – User Interface