i tried to implement password reset function with z/OS MFA 2.3.  i have defined the required PTKTDATA profiles;  When i lauch the https://server-name:port/html/pwReset.html web page and enter my userid/CERT CTC/new password , i get a failure 'your password was not changed', and in the STC log i see message AZF2612E Passticket generatiion failure. This message is not documented in the MFA 2.3 IBM MFA doc

IBM Z Multi-Factor Authentication
Installation and Customization
IBM
SC27-8447-42

i do have passticket working ok for other uses. 

I also do not see any reference in the documentation  to the application name AZFAPPL. Is it a hardcoced name ?

The documentation says to define the following profiles (which i did)

RDEFINE PTKTDATA AZFAPPL SSIGNON(KEYENCRYPTED(0011223344556677))
RDEFINE PTKTDATA IRRPTAUTH.AZFAPPL.* OWNER(userid or group-name) .
PERMIT IRRPTAUTH.AZFAPPL.* ACCESS(UPDATE) CLASS(PTKTDATA) ID(AZFSTC)
SETROPTS RACLIST(PTKTDATA) REFRESH

the AZF STC trace level is 3 but i do not see any other error message except AZF2612E.

My MFA level is 2.3.0.1 compiled dec 19 2023

Passticket support AZFPTKT1 is 2.3.0 compiled Nov 30 2023.

Any hint ?

i tried to implement password reset function with z/OS MFA 2.3.  i have defined the required PTKTDATA profiles;  When i lauch the https://server-name:port/html/pwReset.html web page and enter my userid/CERT CTC/new password , i get a failure 'your password was not changed', and in the STC log i see message AZF2612E Passticket generatiion failure. This message is not documented in the MFA 2.3 IBM MFA doc

IBM Z Multi-Factor Authentication
Installation and Customization
IBM
SC27-8447-42

i do have passticket working ok for other uses. 

I also do not see any reference in the documentation  to the application name AZFAPPL. Is it a hardcoced name ?

The documentation says to define the following profiles (which i did)

RDEFINE PTKTDATA AZFAPPL SSIGNON(KEYENCRYPTED(0011223344556677))
RDEFINE PTKTDATA IRRPTAUTH.AZFAPPL.* OWNER(userid or group-name) .
PERMIT IRRPTAUTH.AZFAPPL.* ACCESS(UPDATE) CLASS(PTKTDATA) ID(AZFSTC)
SETROPTS RACLIST(PTKTDATA) REFRESH

the AZF STC trace level is 3 but i do not see any other error message except AZF2612E.

My MFA level is 2.3.0.1 compiled dec 19 2023

Passticket support AZFPTKT1 is 2.3.0 compiled Nov 30 2023.

Any hint ?

Hi Philippe! MFA uses Passtickets as part of the password reset workflow, and the "AZFAPPL " application name is indeed hard-coded. This is documented at https://www.ibm.com/docs/en/zma/2.3.0?topic=customization-resetting-user-password as part of the admin steps needed to implement the password reset functionality.

The error you are seeing corresponds to a passticket generation failure , I will look into adding it to the documentation if its not already there. Can you confirm that the values you plugged into the PERMIT and RDEFINE calls are valid for you system? (AZFSTC is the ID for the started task, etc?)

i tried to implement password reset function with z/OS MFA 2.3.  i have defined the required PTKTDATA profiles;  When i lauch the https://server-name:port/html/pwReset.html web page and enter my userid/CERT CTC/new password , i get a failure 'your password was not changed', and in the STC log i see message AZF2612E Passticket generatiion failure. This message is not documented in the MFA 2.3 IBM MFA doc

IBM Z Multi-Factor Authentication
Installation and Customization
IBM
SC27-8447-42

i do have passticket working ok for other uses. 

I also do not see any reference in the documentation  to the application name AZFAPPL. Is it a hardcoced name ?

The documentation says to define the following profiles (which i did)

RDEFINE PTKTDATA AZFAPPL SSIGNON(KEYENCRYPTED(0011223344556677))
RDEFINE PTKTDATA IRRPTAUTH.AZFAPPL.* OWNER(userid or group-name) .
PERMIT IRRPTAUTH.AZFAPPL.* ACCESS(UPDATE) CLASS(PTKTDATA) ID(AZFSTC)
SETROPTS RACLIST(PTKTDATA) REFRESH

the AZF STC trace level is 3 but i do not see any other error message except AZF2612E.

My MFA level is 2.3.0.1 compiled dec 19 2023

Passticket support AZFPTKT1 is 2.3.0 compiled Nov 30 2023.

Any hint ?

Hi Hrithik . 

In fact i just noticed that my command to define the passticket had failed with the following error message

Hi Philippe! MFA uses Passtickets as part of the password reset workflow, and the "AZFAPPL " application name is indeed hard-coded. This is documented at https://www.ibm.com/docs/en/zma/2.3.0?topic=customization-resetting-user-password as part of the admin steps needed to implement the password reset functionality.

The error you are seeing corresponds to a passticket generation failure , I will look into adding it to the documentation if its not already there. Can you confirm that the values you plugged into the PERMIT and RDEFINE calls are valid for you system? (AZFSTC is the ID for the started task, etc?)

i tried to implement password reset function with z/OS MFA 2.3.  i have defined the required PTKTDATA profiles;  When i lauch the https://server-name:port/html/pwReset.html web page and enter my userid/CERT CTC/new password , i get a failure 'your password was not changed', and in the STC log i see message AZF2612E Passticket generatiion failure. This message is not documented in the MFA 2.3 IBM MFA doc

IBM Z Multi-Factor Authentication
Installation and Customization
IBM
SC27-8447-42

i do have passticket working ok for other uses. 

I also do not see any reference in the documentation  to the application name AZFAPPL. Is it a hardcoced name ?

The documentation says to define the following profiles (which i did)

RDEFINE PTKTDATA AZFAPPL SSIGNON(KEYENCRYPTED(0011223344556677))
RDEFINE PTKTDATA IRRPTAUTH.AZFAPPL.* OWNER(userid or group-name) .
PERMIT IRRPTAUTH.AZFAPPL.* ACCESS(UPDATE) CLASS(PTKTDATA) ID(AZFSTC)
SETROPTS RACLIST(PTKTDATA) REFRESH

the AZF STC trace level is 3 but i do not see any other error message except AZF2612E.

My MFA level is 2.3.0.1 compiled dec 19 2023

Passticket support AZFPTKT1 is 2.3.0 compiled Nov 30 2023.

Any hint ?