Uploaded image for project: 'OpenAM'
  1. OpenAM
  2. OPENAM-11523

Using the LDAP/AD auth module, the change password on next login, if current password is empty it displays the wrong error message

    Details

    • Sprint:
      AM Sustaining Sprint 58, AM Sustaining Sprint 59
    • Story Points:
      3
    • Needs backport:
      Yes
    • Support Ticket IDs:
    • Verified Version/s:
    • Needs QA verification:
      Yes
    • Functional tests:
      No
    • Are the reproduction steps defined?:
      Yes and I used the same an in the description

      Description

      Bug description

      When using the LDAP/AD authentication module with change password on next login enabled, on the change password page when submitting an empty or incorrect password for the current password and a password that meets the password policy for both the new and confirm password fields, the error that is displayed says "New password does not meet the password policy requirements." The error that should be displayed is "The password you have entered is invalid."

      How to reproduce the issue

      1. step 1 Install a default OpenAM server with an AD as the user store with change password on next login enabled and SSL configured.
      1. step 2 Configure the AD authentication module
      1. step 3 Login with the user that needs to change their password which will take you to the change password page.
      1. step 4 In the current password field, give an incorrect password and in the new password and confirm password fields, provide a password that meets the AD password policy. You will see the incorrect error.
      Expected behaviour

      Testing with an OpenDJ user store, if the current password is invalid and the new and confirm passwords meet the password policy, the error message that is displayed is correct. "The password you have entered is invalid."

      Current behaviour

      Testing with an AD user store, if the current password is invalid and the new and confirm passwords meet the password policy, the error that is displayed is "New password does not meet the password policy requirements".

      Work around

      Code analysis

        Attachments

          Activity

            People

            • Assignee:
              kamal.sivanandam@forgerock.com Kamal Sivanandam
              Reporter:
              tina.roper Tina Roper
            • Votes:
              0 Vote for this issue
              Watchers:
              13 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: