When using the AM Self-Service with 'Proxied Authorization' enabled results in a working flow, however, it stops admins from resetting users' passwords from the admin console. Since proxied authorization is enabled, this means that effectively the users are resetting their passwords themselves (instead of admin), so pwdReset operational attribute is no getting updated.
- Deploy AM with an external User store
- Enable force-change-on-reset in the User store's default password policy
- Add AM Self-Service Reset Password
- Due to
OPENAM-5159, we have to enable 'Proxied Authorization using Bind DN' in the AM's Identity Store configuration (to avoid twice pwd reset)
- Login to AM as administrator, change demo's password via the console
- Query the pwdReset operational attribute in the user store
Use 2 realms with the same identity store, one with proxied auth settings enabled (where self-service is enabled) and one for admin reset with proxied auth settings disabled.