OpenAM / OPENAM-16755

When using LDAP module in chain or LDAP node in tree, password policy of password-history-count:0 is ignored


    Details

    • Type: Bug
    • Status: Closed
    • Priority: Minor
    • Resolution: Not a defect
    • Affects Version/s: 6.5.2.3
    • Fix Version/s: None
    • Component/s: authentication, trees
    • Environment:
      AM 6.5.2.3, DS 6.5.2
    • Sprint:
      AM Sustaining Sprint 79, AM Sustaining Sprint 80, AM Sustaining Sprint 81, AM Sustaining Sprint 82, AM Sustaining Sprint 83, AM Sustaining Sprint 84, AM Sustaining Sprint 85

      Description

      Bug description

      When authenticating with LDAP module in chain or LDAP node in tree, the password policy password-history-count:0 and password-history-duration:0s seem to be ignored. When the user password expires and they are presented with a reset dialog, reusing the expired password results in the message "The password must be different. Try again." Response in HAR file:

      stage "LDAP2"
      header "The password must be different. Try again."

      Expired password can however be reused when going through Forgot Password user self service.

      How to reproduce the issue


      1. Set password policy password-history-count:0 and password-history-duration:0s, grace-login-count:2
      2. Create chain or tree with LDAP module or LDAP decision node.
      3. Attempt to authenticate with the chain or tree
      4. Enter expired password

      Expected behaviour

      User may reset password with their expired password

      Current behaviour

      Password reset fails, user presented with message "The password must be different. Try again."

            People

            Assignee:
            sachiko Sachiko Wallace
            Reporter:
            chris.fay Chris Fay