Forgotten Password is not working as expected on HTTPS. We have unchecked SSL on the webserver but it is still not working on HTTPS.
When in the Forgotten Password screen, if the user clicks cancel, they are redirected to an error page because they have been forwarded to HTTP instead of staying on HTTPS
The environment is integrated with SiteMinder/SSO.
The logoffUri in the SSO Agent Configuration Object (ACO) is not configured correctly.
The ACO for the IM environment in SiteMinder had the logoffURI pointing to an unfamiliar, incorrect JSP. Per the IM documentation, when SSO is protecting IM, the IM logout.jsp does not do anything. Instead, the ACO logoffURI needs to be set to /iam/im/logout.jsp.
Configure the ACO logoffUri via the SSO AdminUI as
/iam/im/logout.jsp
See also, https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/identity-manager/14-4/configuring/ca-single-sign-on-integration/ca-sso-operations/configure-the-logoff-uri.html