Authors: Nishant Sinhai and Ranvijay Singh
Step-1 -- > Configure SSO between ISAM and IGI. Please refer to this cookbook:
https://developer.ibm.com/identitydev/docs/how-to-cookbook-for-ibm-security-access-manager-9-0-and-ibm-security-identity-governance-and-intelligence-5-2/
Step-2 -- > Modify the WebSEAL login page and add a reference to the IGI forgot-password link (make sure the link goes through the junction; otherwise you would need to open direct access to the IGI port, which is not good practice).
NOTE :-- A check on the username was added because the IGI Forgot Password operation requires a user name. You can skip this check and let the user enter their details on the IGI forgot-password page instead.
Ex:--
<script type="text/javascript">
// Called from the "Forgot Password" link. IGI needs the user name, so the
// link is only followed when the username field on the login form is filled in.
function theFunction() {
    var uname = document.getElementById("username");
    var myurl = document.getElementById("myurl");
    if (uname == null || uname.value == '') {
        alert("Please provide a valid username");
        myurl.href = "#";
        return false;   // stay on the login page
    }
    // Go through the WebSEAL junction (websealhost is a placeholder for your WebSEAL host).
    // The username is URL-encoded so characters such as '&' or '#' cannot alter the query string.
    myurl.href = "https://websealhost/ideas/desk?realm=IDEAS&action=forgotpassword&user="
        + encodeURIComponent(uname.value);
    return true;
}
</script>
<div class="login-inputs">
    <label for="username">Username:</label>
    <input class="ease-in-anim-fast" placeholder="Username" id="username" name="username" type="text">
    <label for="password">Password:</label>
    <input class="ease-in-anim-fast" placeholder="Password" id="password" name="password" autocomplete="off" type="password">
    <input name="login-form-type" value="pwd" type="hidden">
    <input class="submitButton button-1 ease-in-anim-fast" value="Login" type="submit">
    <a id="myurl" href="" onClick="return theFunction();">Forgot Password</a>
</div>
Step-3 -- > Add the resources below in DynURL and attach the unauthenticated ACL
/forgotpwd /ideas/desk?realm=IDEAS&action=forgotpassword&user=*
/logincss /ideas/css/login.css
/VAADIN /ideas/VAADIN/*
/UIDL /ideas/desk/UIDL/?v-uiId=*
/PUSH /ideas/desk/PUSH?v-uiId=*
/APP /ideas/desk/APP/connector/0/18/icon/*
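To check what the Step-3 entries actually expose before any login, here is an added Python checker (not part of the original write-up or of the ISAM product) that maps sample request URIs to the DynURL object each would land on, and hence to the unauthenticated ACL attached to that object. It assumes WebSEAL's "*" and "?" wildcards behave like shell globbing over the full URI with the first matching entry winning; the sample URIs are constructed.

```python
import fnmatch
from typing import List, Optional, Tuple

# The six DynURL entries from Step-3, in file order ("<object> <url-pattern>").
DYNURL_CONF = """\
/forgotpwd /ideas/desk?realm=IDEAS&action=forgotpassword&user=*
/logincss /ideas/css/login.css
/VAADIN /ideas/VAADIN/*
/UIDL /ideas/desk/UIDL/?v-uiId=*
/PUSH /ideas/desk/PUSH?v-uiId=*
/APP /ideas/desk/APP/connector/0/18/icon/*
"""

def parse_dynurl(conf: str) -> List[Tuple[str, str]]:
    """Return (object_name, pattern) pairs; blank and '#' lines are skipped."""
    entries = []
    for line in conf.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            obj, pattern = line.split(None, 1)
            entries.append((obj, pattern.strip()))
    return entries

def map_request(entries: List[Tuple[str, str]], uri: str) -> Optional[str]:
    """Object-space name the request URI (path + query) maps to, or None.

    Assumption: WebSEAL's '*' and '?' wildcards act like shell globbing
    (fnmatch) over the whole URI and the first matching entry wins. None
    means no DynURL object (and so no unauthenticated ACL) applies.
    """
    for obj, pattern in entries:
        if fnmatch.fnmatchcase(uri, pattern):
            return obj
    return None

ENTRIES = parse_dynurl(DYNURL_CONF)
# Constructed sample requests (not from the page): two that must stay behind
# authentication, and one showing that the trailing '*' after 'user=' also
# accepts extra query parameters appended to the username value.
SAMPLE_URIS = [
    "/ideas/desk?realm=IDEAS&action=forgotpassword&user=alice",
    "/ideas/desk?realm=IDEAS&action=forgotpassword&user=alice&x=1",
    "/ideas/desk?realm=IDEAS&action=login",
    "/ideas/VAADIN/themes/ideas/styles.css",
    "/ideas/desk/APP/connector/0/19/icon/logo.png",
]

if __name__ == "__main__":
    for uri in SAMPLE_URIS:
        print(f"{uri} -> {map_request(ENTRIES, uri) or 'no match: authentication required'}")
```

Because the forgot-password pattern ends in "user=*", anything after "user=" still matches, which is why the login-page script should URL-encode the username before building the link.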
Step-4 -- > Execute the command below from the ISAM pdadmin console
#server task <WebSeal_Server_Name> dynurl update
EX :- server task idp_webseal-webseald-isamlabsec.ibm.com dynurl update
pdadmin sec_master> acl show isam_igisso_isam_unauth
ACL Name: isam_igisso_isam_unauth
Description: fedAutoCfg
Entries:
User cicdemo1-webseald/isam901 TcmdbsvaBRl
Group iv-admin TcmdbsvaBRrxl
Any-other Tr
Unauthenticated Tr
Verify the objects and the ACL attached to each object
pdadmin sec_master> object list /WebSEAL/isamlabsec.ibm.com-idp_webseal
/WebSEAL/isamlabsec.ibm.com-idp_webseal/APP
/WebSEAL/isamlabsec.ibm.com-idp_webseal/forgotpwd
/WebSEAL/isamlabsec.ibm.com-idp_webseal/logincss
/WebSEAL/isamlabsec.ibm.com-idp_webseal/PUSH
/WebSEAL/isamlabsec.ibm.com-idp_webseal/UIDL
/WebSEAL/isamlabsec.ibm.com-idp_webseal/VAADIN
EX :
pdadmin sec_master> object show /WebSEAL/isamlabsec.ibm.com-idp_webseal/APP
Name: /WebSEAL/isamlabsec.ibm.com-idp_webseal/APP
Description: Object from host isamlabsec.ibm.com.
Type: 16 (Management Object)
Is Policy Attachable: Yes
Extended Attributes:
Attached ACL: isam_mobile_unauth
Attached POP:
Attached AuthzRule:
Effective Extended Attributes:
Effective ACL: isam_mobile_unauth
Effective POP:
Effective AuthzRule:
Step-5 -- > Now the IGI Forgot Password feature can be used directly from the WebSEAL login page.
Verified this use case:
1 > Clicked on the forgot password link; it gave an alert to enter a valid user.
2 > Gave a valid user name and clicked on forgot password; able to proceed with the forgot password operation.
After providing the correct security answer, moved on to the reset password page.
3 > Verified in the IGI OUT_EVENT queue.