As the ACS evolved, one of the less known features of ACS has also evolved at a significant level: User Change Password (UCP). If you had Cisco Secure Access Control Server version 4.x, 3.x or earlier; and you only required a local ACS database for user account management, then you are familiar it. This is a service which lets users change their account password through a GUI based interactive interface (for both ACS 4.x and ACS 5.x) or CLI of their operating systems (only for ACS 5.x).
The User Change Password (UCP) service allows users defined in the ACS internal database to first authenticate themselves, and then change their own password. This service can be utilized to aid the IT staff by lowering the requests for password change. A permanent link or tool can be provided to users to facilitate their own password change.
The UCP service available in ACS 5.x can be used to create custom web-based applications and that can be deployed in an enterprise’s internal/external web portals to facilitate user password change as self-help.
In this article I will cover UCP under two main sections.
- UCP through HTTP(S).
- UCP through Command Line.
UCP through HTTP(S)
To enable password change through GUI for ACS local database users, broadly we need to follow these steps:
- Enable UCP ACS web interface on ACS.
- Configure web server to cater UCP GUI interface.
We will use the following, in addition to ACS:
- Ubuntu 10.04.1 LTS
- Apache Tomcat 6.0.24 (To server JSP pages)
Let us begin with configuring UCP through HTTP(S):
- Get the required files to deploy on web server from ACS. Navigate to System Administration > Downloads > User Change Password > UCP web application example, as shown in figure 1.
- Install and start the tomcat service.
- Place the extracted files from ‘UCP.war’ from step 1 under /var/lib/tomcat6/webapps/ROOT:
- Enable UCP ACS web interface on ACS:
- Check the UCP GUI page to ensure that password change is working using HTTP.
- Enable SSL on UCP GUI.
){kind=small}
ACS will ask you to save ‘UCP.war’ file. Save it.
export JAVA_HOME=/usr/lib/jvm/java-1.6.0-openjdk/ sudo aptitude install tomcat6 tomcat6-admin tomcat6-common sudo /etc/init.d/tomcat6 start or sudo service tomcat6 start
$ ls /var/lib/tomcat6/webapps/ROOT/ cisco_logo.JPG index.jsp META-INF WEB-INF $
acs52/admin# show acs-config-web-interface migration interface is enabled ucp interface is disabled view interface is enabled acs52/admin# acs52/admin# acs config-web-interface ucp enable acs52/admin# show acs-config-web-interface migration interface is enabled ucp interface is enabled view interface is enabled acs52/admin#
Access the tomcat server using any browser, at http://<tomcat-server-ip>:8080.
You should see output as shown in figure 2.
){kind=small}
Now, ensure that password change is works. Use any local account on ACS local database and try to change its password using the UCP GUI interface as shown in figure 3 and figure 4.
){kind=small}
){kind=small}
If you try to use a wrong password, you will page as shown in figure 5.
){kind=small}
Create a certificate key store by executing following command:
/usr/lib/jvm/java-1.6.0-openjdk/bin/keytool -genkey -alias tomcat -keyalg RSA
Where /usr/lib/jvm/java-1.6.0-openjdk is my JAVA_HOME (refer to step 2).
The keystore location would be under your home directory; for example, for user ‘pbanga’ it would be /home/prem/.keystore.
Create a backup of default server.xml file:
~$sudo cp /var/lib/tomcat6/conf/server.xml /var/lib/tomcat6/conf/server.xml.orig
Locate the following code in server.xml file and uncomment it.
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" maxThreads="150" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" />
Now add the keystore that we created above as
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" maxThreads="150" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" keystoreFile="/home/pbanga/.keystore" />
Restart the Tomcat 6 service:
~$sudo service tomcat6 restart * Stopping Tomcat servlet engine tomcat6 [ OK ] * Starting Tomcat servlet engine tomcat6 [ OK ]
At this stage, if you launch a web browser at https://<tomcat-server-ip>:8443, you should be able to establish a secure connection as shown in figure 6.
){kind=small}
It would also be good to add automatic re-direction, to ensure that if anyone tries to use HTTP it gets re-directed to HTTPS connection automatically.
To enable automatic re-direction we need to make a change in file /var/lib/tomcat6/conf/web.xml
Put the below code under </welcome-file-list> and right above </web-app>.
<security-constraint> <web-resource-collection> <web-resource-name>Protected Context</web-resource-name> <url-pattern>/*</url-pattern> </web-resource-collection> <!– auth-constraint goes here if you requre authentication –> <user-data-constraint> <transport-guarantee>CONFIDENTIAL</transport-guarantee> </user-data-constraint> </security-constraint>
Now restart Tomcat 6 service.
~$ sudo service tomcat6 restart * Stopping Tomcat servlet engine tomcat6 [ OK ] * Starting Tomcat servlet engine tomcat6 [ OK ] ~$
UCP through Command Line
In this section we will see how to make use of the default script provided with ACS to enable users to change their password on ACS local database.
Let us begin with installing and configuring components that will enable UCP.
- Get the required files from ACS. Navigate to System Administration > Downloads > User Change Password > Python Script for Using the User Change Password Web Service (along with installation instructions), as shown in figure 7.
- Next we need to install Python 2.4.
- Extract the contents of pythonUCP.zip.
- Install PyXML.
- Install fpconst.
- Install SOAPPy.
- Execute UCP.py
){kind=small}
ACS will prompt you to save a file ‘pythonUCP.zip’. Save it.
For Windows we can get a windows installer for Python 2.4 from http://www.python.org/download/releases/2.4.4/.
For Linux, we can get the source and compile from above link.
I already had Python 2.6.5 installed on my Ubuntu box. To make script work we need 2.4.x, so I installed it as
~$ wget http://mirror.aarnet.edu.au/pub/ubuntu/archive/pool/main/p/python2.4/ python2.4-minimal_2.4.6-1ubuntu3.2.9.10.1_i386.deb -O python2.4-minimal.deb ~$ wget http://mirror.aarnet.edu.au/pub/ubuntu/archive/pool/main/p/python2.4/ python2.4_2.4.6-1ubuntu3.2.9.10.1_i386.deb -O python2.4.deb ~$ wget http://mirror.aarnet.edu.au/pub/ubuntu/archive/pool/main/p/python2.4/ python2.4-dev_2.4.6-1ubuntu3.2.9.10.1_i386.deb -O python2.4-dev.deb ~$ sudo dpkg -i python2.4-minimal.deb python2.4.deb python2.4-dev.deb
Extract files using any unzipping utility.
On Windows:
){kind=small}
On Ubuntu:
~$ unzip pythonUCP.zip Archive: pythonUCP.zip creating: Linux/ extracting: Linux/fpconst-0.7.2.tar.gz inflating: Linux/PyXML-0.8.4-9.i386.rpm inflating: Linux/SOAPpy-0.11.6.tar.gz creating: Windows/ inflating: Windows/fpconst.zip inflating: Windows/PyXML-0.8.4.win32-py2.4.exe inflating: Windows/SOAPpy-0.11.6.zip inflating: readme.txt inflating: ucp.py ~$ ~$ cd Linux/ ~$ ls fpconst-0.7.2.tar.gz PyXML-0.8.4-9.i386.rpm SOAPpy-0.11.6.tar.gz
On Windows, simply execute the ‘PyXML-0.8.4.win32-py2.4.exe’ file.
On Ubuntu:
~$ cd Linux/ ~/Linux$ ls fpconst-0.7.2 fpconst-0.7.2.tar.gz PyXML-0.8.4-9.i386.rpm SOAPpy-0.11.6 SOAPpy-0.11.6.tar.gz ~/Linux$ sudo alien -k PyXML-0.8.4-9.i386.rpm warning: PyXML-0.8.4-9.i386.rpm: Header V3 DSA signature: NOKEY, key ID 4f2a6fd2 warning: PyXML-0.8.4-9.i386.rpm: Header V3 DSA signature: NOKEY, key ID 4f2a6fd2 warning: PyXML-0.8.4-9.i386.rpm: Header V3 DSA signature: NOKEY, key ID 4f2a6fd2 warning: PyXML-0.8.4-9.i386.rpm: Header V3 DSA signature: NOKEY, key ID 4f2a6fd2 warning: PyXML-0.8.4-9.i386.rpm: Header V3 DSA signature: NOKEY, key ID 4f2a6fd2 warning: PyXML-0.8.4-9.i386.rpm: Header V3 DSA signature: NOKEY, key ID 4f2a6fd2 warning: PyXML-0.8.4-9.i386.rpm: Header V3 DSA signature: NOKEY, key ID 4f2a6fd2 warning: PyXML-0.8.4-9.i386.rpm: Header V3 DSA signature: NOKEY, key ID 4f2a6fd2 error: incorrect format: unknown tag warning: PyXML-0.8.4-9.i386.rpm: Header V3 DSA signature: NOKEY, key ID 4f2a6fd2 warning: PyXML-0.8.4-9.i386.rpm: Header V3 DSA signature: NOKEY, key ID 4f2a6fd2 warning: PyXML-0.8.4-9.i386.rpm: Header V3 DSA signature: NOKEY, key ID 4f2a6fd2 warning: PyXML-0.8.4-9.i386.rpm: Header V3 DSA signature: NOKEY, key ID 4f2a6fd2 warning: PyXML-0.8.4-9.i386.rpm: Header V3 DSA signature: NOKEY, key ID 4f2a6fd2 warning: PyXML-0.8.4-9.i386.rpm: Header V3 DSA signature: NOKEY, key ID 4f2a6fd2 warning: PyXML-0.8.4-9.i386.rpm: Header V3 DSA signature: NOKEY, key ID 4f2a6fd2 warning: PyXML-0.8.4-9.i386.rpm: Header V3 DSA signature: NOKEY, key ID 4f2a6fd2 warning: PyXML-0.8.4-9.i386.rpm: Header V3 DSA signature: NOKEY, key ID 4f2a6fd2 pyxml_0.8.4-9_i386.deb generated ~/Linux$ ~/Linux$ sudo dpkg -i pyxml_0.8.4-9_i386.deb Selecting previously deselected package pyxml. (Reading database ... 251982 files and directories currently installed.) Unpacking pyxml (from pyxml_0.8.4-9_i386.deb) ... Setting up pyxml (0.8.4-9) ... ~/Linux$
Ensure PyXML was installed successfully,
On Windows run Python command line or GUI and confirm this as shown in figure 9.
){kind=small}
On Ubuntu:
~$ python2.4 Python 2.4.6 (#2, Jan 21 2010, 23:27:36) [GCC 4.4.1] on linux2 Type "help", "copyright", "credits" or "license" for more information. >>> import xml >>> xml.__version__ '37894' >>>
On Windows, unzip ‘fpconst.zip’ & execute as shown in figure 10.
){kind=small}
On Ubuntu:
~/Linux$ tar -xvf fpconst-0.7.2.tar.gz fpconst-0.7.2/ fpconst-0.7.2/README fpconst-0.7.2/fpconst.py fpconst-0.7.2/setup.py fpconst-0.7.2/PKG-INFO ~/Linux$ ~/Linux$ cd fpconst-0.7.2/ ~/Linux/fpconst-0.7.2$ ls fpconst.py PKG-INFO README setup.py ~/Linux/fpconst-0.7.2$ ~/Linux/fpconst-0.7.2$ sudo python2.4 setup.py install running install running build running build_py running install_lib copying build/lib/fpconst.py -> /usr/lib/python2.4/site-packages byte-compiling /usr/lib/python2.4/site-packages/fpconst.py to fpconst.pyc running install_egg_info Writing /usr/lib/python2.4/site-packages/fpconst-0.7.2.egg-info ~/Linux/fpconst-0.7.2$
Ensure fpconst was installed successfully from Python command line as shown in figure 11:
){kind=small}
On Windows extract ‘SOAPpy-0.11.6.zip’ & execute as shown in figure 12.
)
On Ubuntu:
~/Linux$ tar -xvf SOAPpy-0.11.6.tar.gz SOAPpy-0.11.6/ SOAPpy-0.11.6/SOAPpy/ SOAPpy-0.11.6/SOAPpy/wstools/ SOAPpy-0.11.6/SOAPpy/wstools/test/ SOAPpy-0.11.6/SOAPpy/wstools/test/__init__.py SOAPpy-0.11.6/SOAPpy/wstools/test/test_t1.py SOAPpy-0.11.6/SOAPpy/wstools/test/test_wsdl.py SOAPpy-0.11.6/SOAPpy/wstools/test/test_wstools.py SOAPpy-0.11.6/SOAPpy/wstools/test/test_wstools_net.py SOAPpy-0.11.6/SOAPpy/wstools/Namespaces.py SOAPpy-0.11.6/SOAPpy/wstools/TimeoutSocket.py SOAPpy-0.11.6/SOAPpy/wstools/UserTuple.py SOAPpy-0.11.6/SOAPpy/wstools/Utility.py SOAPpy-0.11.6/SOAPpy/wstools/WSDLTools.py SOAPpy-0.11.6/SOAPpy/wstools/XMLSchema.py SOAPpy-0.11.6/SOAPpy/wstools/XMLname.py SOAPpy-0.11.6/SOAPpy/wstools/__init__.py SOAPpy-0.11.6/SOAPpy/Client.py SOAPpy-0.11.6/SOAPpy/Config.py SOAPpy-0.11.6/SOAPpy/Errors.py SOAPpy-0.11.6/SOAPpy/GSIServer.py SOAPpy-0.11.6/SOAPpy/NS.py SOAPpy-0.11.6/SOAPpy/Parser.py SOAPpy-0.11.6/SOAPpy/SOAP.py SOAPpy-0.11.6/SOAPpy/SOAPBuilder.py SOAPpy-0.11.6/SOAPpy/Server.py SOAPpy-0.11.6/SOAPpy/Types.py SOAPpy-0.11.6/SOAPpy/URLopener.py SOAPpy-0.11.6/SOAPpy/Utilities.py SOAPpy-0.11.6/SOAPpy/WSDL.py SOAPpy-0.11.6/SOAPpy/__init__.py SOAPpy-0.11.6/SOAPpy/version.py SOAPpy-0.11.6/bid/ SOAPpy-0.11.6/bid/inventoryClient.py SOAPpy-0.11.6/bid/inventoryServer.py SOAPpy-0.11.6/bid/monitorClient.py SOAPpy-0.11.6/contrib/ SOAPpy-0.11.6/contrib/soap_cli.py SOAPpy-0.11.6/contrib/soap_handler.py SOAPpy-0.11.6/docs/ SOAPpy-0.11.6/docs/GettingStarted.txt SOAPpy-0.11.6/docs/GlobusSupport.txt SOAPpy-0.11.6/docs/MethodParameterNaming.txt SOAPpy-0.11.6/docs/WSDL.txt SOAPpy-0.11.6/docs/attrs.txt SOAPpy-0.11.6/docs/complexTypes.txt SOAPpy-0.11.6/docs/simpleTypes.txt SOAPpy-0.11.6/tests/ SOAPpy-0.11.6/tests/BabelfishWSDLTest.py SOAPpy-0.11.6/tests/SOAPtest.py SOAPpy-0.11.6/tests/TCtest.py SOAPpy-0.11.6/tests/TemperatureService.wsdl SOAPpy-0.11.6/tests/alanbushTest.py SOAPpy-0.11.6/tests/cardClient.py SOAPpy-0.11.6/tests/cardServer.py SOAPpy-0.11.6/tests/echoClient.py SOAPpy-0.11.6/tests/echoHeader.py SOAPpy-0.11.6/tests/echoServer.py SOAPpy-0.11.6/tests/esj_test_client.py SOAPpy-0.11.6/tests/esj_test_server.py SOAPpy-0.11.6/tests/excelTest.py SOAPpy-0.11.6/tests/largeDataTest.py SOAPpy-0.11.6/tests/newsTest.py SOAPpy-0.11.6/tests/quoteTest.py SOAPpy-0.11.6/tests/simpleWSDL.py SOAPpy-0.11.6/tests/speedTest.py SOAPpy-0.11.6/tests/storageTest.py SOAPpy-0.11.6/tests/testClient1.py SOAPpy-0.11.6/tests/testWSDL.py SOAPpy-0.11.6/tests/testleak.py SOAPpy-0.11.6/tests/translateTest.py SOAPpy-0.11.6/tests/weatherTest.py SOAPpy-0.11.6/tests/whoisTest.py SOAPpy-0.11.6/tests/xmethods.py SOAPpy-0.11.6/tools/ SOAPpy-0.11.6/tools/interop2html.py SOAPpy-0.11.6/validate/ SOAPpy-0.11.6/validate/server.pem SOAPpy-0.11.6/validate/silab.servers SOAPpy-0.11.6/validate/silabclient.py SOAPpy-0.11.6/validate/silabserver.py SOAPpy-0.11.6/validate/soapware.py SOAPpy-0.11.6/ChangeLog SOAPpy-0.11.6/LICENSE SOAPpy-0.11.6/README SOAPpy-0.11.6/RELEASE_INFO SOAPpy-0.11.6/TODO SOAPpy-0.11.6/setup.py SOAPpy-0.11.6/PKG-INFO ~/Linux$ ~/Linux$ cd SOAPpy-0.11.6 ~/Linux/SOAPpy-0.11.6$ sudo python2.4 setup.py install running install running build running build_py creating build creating build/lib creating build/lib/SOAPpy copying SOAPpy/__init__.py -> build/lib/SOAPpy copying SOAPpy/GSIServer.py -> build/lib/SOAPpy copying SOAPpy/SOAP.py -> build/lib/SOAPpy copying SOAPpy/SOAPBuilder.py -> build/lib/SOAPpy copying SOAPpy/URLopener.py -> build/lib/SOAPpy copying SOAPpy/version.py -> build/lib/SOAPpy copying SOAPpy/Client.py -> build/lib/SOAPpy copying SOAPpy/Utilities.py -> build/lib/SOAPpy copying SOAPpy/NS.py -> build/lib/SOAPpy copying SOAPpy/Config.py -> build/lib/SOAPpy copying SOAPpy/Parser.py -> build/lib/SOAPpy copying SOAPpy/Errors.py -> build/lib/SOAPpy copying SOAPpy/Types.py -> build/lib/SOAPpy copying SOAPpy/Server.py -> build/lib/SOAPpy copying SOAPpy/WSDL.py -> build/lib/SOAPpy creating build/lib/SOAPpy/wstools copying SOAPpy/wstools/Namespaces.py -> build/lib/SOAPpy/wstools copying SOAPpy/wstools/__init__.py -> build/lib/SOAPpy/wstools copying SOAPpy/wstools/UserTuple.py -> build/lib/SOAPpy/wstools copying SOAPpy/wstools/XMLname.py -> build/lib/SOAPpy/wstools copying SOAPpy/wstools/XMLSchema.py -> build/lib/SOAPpy/wstools copying SOAPpy/wstools/WSDLTools.py -> build/lib/SOAPpy/wstools copying SOAPpy/wstools/Utility.py -> build/lib/SOAPpy/wstools copying SOAPpy/wstools/TimeoutSocket.py -> build/lib/SOAPpy/wstools running install_lib creating /usr/lib/python2.4/site-packages/SOAPpy copying build/lib/SOAPpy/__init__.py -> /usr/lib/python2.4/site-packages/SOAPpy copying build/lib/SOAPpy/GSIServer.py -> /usr/lib/python2.4/site-packages/SOAPpy copying build/lib/SOAPpy/SOAP.py -> /usr/lib/python2.4/site-packages/SOAPpy copying build/lib/SOAPpy/SOAPBuilder.py -> /usr/lib/python2.4/site-packages/SOAPpy copying build/lib/SOAPpy/URLopener.py -> /usr/lib/python2.4/site-packages/SOAPpy copying build/lib/SOAPpy/version.py -> /usr/lib/python2.4/site-packages/SOAPpy copying build/lib/SOAPpy/Client.py -> /usr/lib/python2.4/site-packages/SOAPpy copying build/lib/SOAPpy/Utilities.py -> /usr/lib/python2.4/site-packages/SOAPpy copying build/lib/SOAPpy/NS.py -> /usr/lib/python2.4/site-packages/SOAPpy copying build/lib/SOAPpy/Config.py -> /usr/lib/python2.4/site-packages/SOAPpy creating /usr/lib/python2.4/site-packages/SOAPpy/wstools copying build/lib/SOAPpy/wstools/Namespaces.py -> /usr/lib/python2.4/site-packages/SOAPpy/wstools copying build/lib/SOAPpy/wstools/__init__.py -> /usr/lib/python2.4/site-packages/SOAPpy/wstools copying build/lib/SOAPpy/wstools/UserTuple.py -> /usr/lib/python2.4/site-packages/SOAPpy/wstools copying build/lib/SOAPpy/wstools/XMLname.py -> /usr/lib/python2.4/site-packages/SOAPpy/wstools copying build/lib/SOAPpy/wstools/XMLSchema.py -> /usr/lib/python2.4/site-packages/SOAPpy/wstools copying build/lib/SOAPpy/wstools/WSDLTools.py -> /usr/lib/python2.4/site-packages/SOAPpy/wstools copying build/lib/SOAPpy/wstools/Utility.py -> /usr/lib/python2.4/site-packages/SOAPpy/wstools copying build/lib/SOAPpy/wstools/TimeoutSocket.py -> /usr/lib/python2.4/site-packages/SOAPpy/wstools copying build/lib/SOAPpy/Parser.py -> /usr/lib/python2.4/site-packages/SOAPpy copying build/lib/SOAPpy/Errors.py -> /usr/lib/python2.4/site-packages/SOAPpy copying build/lib/SOAPpy/Types.py -> /usr/lib/python2.4/site-packages/SOAPpy copying build/lib/SOAPpy/Server.py -> /usr/lib/python2.4/site-packages/SOAPpy copying build/lib/SOAPpy/WSDL.py -> /usr/lib/python2.4/site-packages/SOAPpy byte-compiling /usr/lib/python2.4/site-packages/SOAPpy/__init__.py to __init__.pyc byte-compiling /usr/lib/python2.4/site-packages/SOAPpy/GSIServer.py to GSIServer.pyc byte-compiling /usr/lib/python2.4/site-packages/SOAPpy/SOAP.py to SOAP.pyc byte-compiling /usr/lib/python2.4/site-packages/SOAPpy/SOAPBuilder.py to SOAPBuilder.pyc byte-compiling /usr/lib/python2.4/site-packages/SOAPpy/URLopener.py to URLopener.pyc byte-compiling /usr/lib/python2.4/site-packages/SOAPpy/version.py to version.pyc byte-compiling /usr/lib/python2.4/site-packages/SOAPpy/Client.py to Client.pyc byte-compiling /usr/lib/python2.4/site-packages/SOAPpy/Utilities.py to Utilities.pyc byte-compiling /usr/lib/python2.4/site-packages/SOAPpy/NS.py to NS.pyc byte-compiling /usr/lib/python2.4/site-packages/SOAPpy/Config.py to Config.pyc byte-compiling /usr/lib/python2.4/site-packages/SOAPpy/wstools/Namespaces.py to Namespaces.pyc byte-compiling /usr/lib/python2.4/site-packages/SOAPpy/wstools/__init__.py to __init__.pyc byte-compiling /usr/lib/python2.4/site-packages/SOAPpy/wstools/UserTuple.py to UserTuple.pyc byte-compiling /usr/lib/python2.4/site-packages/SOAPpy/wstools/XMLname.py to XMLname.pyc byte-compiling /usr/lib/python2.4/site-packages/SOAPpy/wstools/XMLSchema.py to XMLSchema.pyc byte-compiling /usr/lib/python2.4/site-packages/SOAPpy/wstools/WSDLTools.py to WSDLTools.pyc byte-compiling /usr/lib/python2.4/site-packages/SOAPpy/wstools/Utility.py to Utility.pyc byte-compiling /usr/lib/python2.4/site-packages/SOAPpy/wstools/TimeoutSocket.py to TimeoutSocket.pyc byte-compiling /usr/lib/python2.4/site-packages/SOAPpy/Parser.py to Parser.pyc byte-compiling /usr/lib/python2.4/site-packages/SOAPpy/Errors.py to Errors.pyc byte-compiling /usr/lib/python2.4/site-packages/SOAPpy/Types.py to Types.pyc byte-compiling /usr/lib/python2.4/site-packages/SOAPpy/Server.py to Server.pyc byte-compiling /usr/lib/python2.4/site-packages/SOAPpy/WSDL.py to WSDL.pyc running install_egg_info Writing /usr/lib/python2.4/site-packages/SOAPpy-0.11.6.egg-info ~/Linux/SOAPpy-0.11.6$
Ensure SOAPpy was installed successfully from Python command line as shown in figure 13:
){kind=small}
At this stage we have all the required components to get ‘UCP.py’ to let user change their password.
On Windows simply type ‘ucp.py’ and script will execute as shown in figure 14. The ‘ucp.py’ in this example is placed at C drive root location.
){kind=small}
On Ubuntu:
~$ python2.4 ucp.py Please enter ACS host name or IP address: 192.168.26.51 Please enter user name: prem Please enter old password: alpha123! Please enter new password: alpha1234! Success ~$
Summary
In the examples shown in this article, we did no customization on our end and used everything as is. Beyond the scope of this article, we can also customize UCP, so that it can be integrated into corporate web portals.
In ACS we can use Web Services Description Language (WDSL) to integrate UCP. The WSDL is an XML format that describes network services as a collection of ports that operate on messages. WSDL is extensible to allow the description of endpoints and their messages regardless of the message formats or network protocols that you use.
Resources
For more information on WSDL please refer to World Wide Web Consortium website.
For complete information on UCP and WSDL please refer to ‘Software Developer's Guide for the Cisco Secure Access Control System’.