Migrating Classic Passwords to Redesign
This page describes an experimental feature of USAS and USPS Redesign applications that may assist in migration of user passwords from Classic to Redesign. The feature is believed to be functioning but has not undergone adequate or recent testing.
When a district migrates from Classic to Redesign, it is necessary to set new passwords on the imported Redesign user profiles. Because passwords are one-way encoded on OpenVMS, it is not possible to extract OpenVMS passwords for importing. The normal practice is to manually set new passwords.
However, for districts with a large number of users, this may create a burden and hinder smooth migration. In this case, it may be desirable to assist users in migrating the password. The Redesign applications contain an optional module named "Legacy Password Migration
".
If enabled and configured, the Redesign authentication system will check the Redesign local profile, and any configured ADS and LDAP authentication sources. If those authentication methods fail, it will attempt to authenticate against the configured Classic SOAP service. If the Classic authentication succeeds, then the password will be treated as expired. The user will then be able to use the "Password Change" page in the application to change the "expired" password.
This module will not automatically set the Classic password into Redesign. It's only purpose is to identify a valid user and allow them to set a new password. The user profile in the Redesign application must be active (enabled, not expired, etc) in order for this process to work.
Step-by-step guide
Use the steps below to configure the password migration feature:
Use
System → Modules
to enable the "Legacy Password Migration" moduleRestart the application
Use
System → Configuration
option and set:The "Enabled" checkbox
In Legacy SOAP Endpoint, enter end point URL of an instance of Classic USAS or USPS SOAP. This will in the form:
https://youritc.org/usassoap/services/USASWS
It's valid to use the USAS (or USPS) endpoint for both Redesign applications. The module only uses the "login" operation of the service that is compatible with both Classic SOAP API's.
This module is not intended to remain active for extended periods. ITC's are encouraged to disable the configuration and uninstall the module after all, or most, users have migrated to the new system.