Symptoms
Web Interface 4.x connects to a MetaFrame Presentation Server 3.0 server, and a user account is set to “User must change password at next login.” When the user attempts to log on, Web Interface responds with the error message:
“Your user credentials have expired.”
The user is never given the option to change the password.
Cause
Because of an error, MetaFrame Presentation Server version 3.0 and earlier responds with “account-expired” at logon both when the user’s password has expired and when the account itself has expired. Earlier versions of Web Interface offered a password change on receiving the “account-expired” response. Citrix Presentation Server 4.0 was corrected to report password expiry with a different response, and Web Interface 4.0 was changed to match. As a result, when Web Interface 4.x is used with earlier MetaFrame Presentation Server versions, it never receives a response that it can interpret as password expiry.
Resolution
A Web Interface script file can be modified so that it handles logon responses as previous releases did.
Web Interface 4.0 and 4.2
For an ASP site:
/auth/explicit.aspx, line 99, rewrite:
to read:
} else if ((result == AccessTokenValidationResult.FAILED_SECRET_EXPIRED) ||
For a JSP site:
/auth/explicit.jsp, line 52, rewrite:
to read:
} else if ((result == AccessTokenValidationResult.FAILED_SECRET_EXPIRED) ||
Web Interface 4.5
For an ASP site:
/auth/explicit.aspx, line 116, rewrite:
} else if (result.getValidationResult() == AccessTokenValidationResult.FAILED_SECRET_EXPIRED) {
to read:
} else if ((result.getValidationResult() == AccessTokenValidationResult.FAILED_SECRET_EXPIRED) ||
(result.getValidationResult() == AccessTokenValidationResult.FAILED_ACCOUNT_EXPIRED)) {
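The following stand-alone Java model is an added illustration, not Citrix code and not part of the original article. It replays the farm responses described under Cause against the shipped and the modified condition; the class name, the State enum, the SUCCESS value and the outcome strings are assumptions made for the example.

```java
import java.util.function.Predicate;

// Stand-alone model, not Citrix code. Only the two FAILED_* names come from the article.
public class ExpiredLogonModel {
    enum Result { SUCCESS, FAILED_SECRET_EXPIRED, FAILED_ACCOUNT_EXPIRED }
    enum State { OK, PASSWORD_EXPIRED, ACCOUNT_EXPIRED }   // constructed account states

    // Farm behaviour as described under Cause.
    static Result farmResponse(boolean legacyFarm, State s) {
        switch (s) {
            case PASSWORD_EXPIRED:
                // Version 3.0 and earlier cannot signal password expiry separately.
                return legacyFarm ? Result.FAILED_ACCOUNT_EXPIRED
                                  : Result.FAILED_SECRET_EXPIRED;
            case ACCOUNT_EXPIRED:
                return Result.FAILED_ACCOUNT_EXPIRED;
            default:
                return Result.SUCCESS;
        }
    }

    // Condition as shipped in Web Interface 4.x.
    static final Predicate<Result> SHIPPED =
            r -> r == Result.FAILED_SECRET_EXPIRED;
    // Condition after the edit described in this article.
    static final Predicate<Result> MODIFIED =
            r -> (r == Result.FAILED_SECRET_EXPIRED)
              || (r == Result.FAILED_ACCOUNT_EXPIRED);

    // Which page the user ends up on for a given logon result.
    static String outcome(Predicate<Result> branch, Result r) {
        if (r == Result.SUCCESS) return "logged on";
        return branch.test(r) ? "change-password" : "credentials-expired error";
    }

    public static void main(String[] args) {
        for (boolean legacy : new boolean[] { true, false }) {
            for (State s : new State[] { State.PASSWORD_EXPIRED, State.ACCOUNT_EXPIRED }) {
                Result r = farmResponse(legacy, s);
                System.out.printf("%-10s %-17s -> %-23s shipped: %-26s modified: %s%n",
                        legacy ? "farm<=3.0" : "farm 4.0", s, r,
                        outcome(SHIPPED, r), outcome(MODIFIED, r));
            }
        }
    }
}
```

With the modified condition, an account that has genuinely expired also takes the change-password branch, because the script no longer distinguishes the two FAILED_* results.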