Uploaded image for project: 'OpenAM'
  1. OpenAM
  2. OPENAM-14705

AM versions since 6 do not document Changes introduced in OPENAM-8349

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 6.5.0, 6.0.0.6, 7.0.0
    • Fix Version/s: 6.0.0.7, 6.5.2, 7.0.0
    • Component/s: documentation
    • Labels:
    • Environment:
      AM 6.x release notes
    • Sprint:
      AM 2019.6 - Lathe
    • Story Points:
      3
    • Needs backport:
      No
    • Support Ticket IDs:
    • Needs QA verification:
      No
    • Functional tests:
      No
    • Are the reproduction steps defined?:
      No (add reasons in the comment)

      Description

      Bug description

      The Password reset email token can no longer be reused multiple times. This may change the flow of customizations or applications that use this user self service feature. 

      How to reproduce the issue

      1. Checking release notes there is only a section on:

      Forgotten Password Account Lockout Feature

      AM 6 provides new properties to limit the number of attempts allowed at answering security questions (KBA), and to lock the account if exceeded. The properties are as follows:

      • Enforce password reset lockout (forgotten.password.kba.number.of.allowed.attempts.enforced)
      • Lock Out After number of attempts (forgotten.password.kba.number.of.allowed.attempts)
      1. There is no mention to this security improvement or change.
      Expected behaviour
      You would be able to click on the recovery password link multiple times and still recover your password
      Current behaviour
      The URL is only useable once, if you fail, you need to initiate receiving an email again. 
      

        Attachments

          Activity

            People

            • Assignee:
              cristina.herraz Cristina Herraz
              Reporter:
              william.hepler William Hepler
            • Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: