  1. OpenAM
  2. OPENAM-4290

Missing Password Reset Feature "Force Change Password on Next Login"


    • Type: New Feature
    • Status: Resolved
    • Priority: Major
    • Resolution: Duplicate
    • Affects Version/s: 11.0.0
    • Fix Version/s: None
    • Component/s: authentication
    • Labels:
    • Environment:
      OpenAM on Linux, AD-LDS as User-Store on Windows Server 2008 R2


      OpenAM documentation Configuring Password Reset describes the feature "Force Change Password on Next Login":
      "When enabled, the user must change her password next time she logs in after OpenAM resets her password."

      Expected behaviour:

      • End user opens the reset password page (/openam/password)
      • End user inputs user ID and answers the secret questions
      • A new password is created, stored in LDAP and sent by e-mail to the user (so far, everything is fine...)
      • If option "Force Change Password on Next Login" is selected, LDAP attribute "iplanet-am-user-password-reset-force-reset" should be set to "true"
      • During next login this additional LDAP attribute has to be checked by the authentication module
      • If LDAP attribute value "iplanet-am-user-password-reset-force-reset = true", user must change password during authentication process

      This feature is currently not implemented:

      • LDAP attribute "iplanet-am-user-password-reset-force-reset" is included in the OpenAM schema extensions (e.g. for AD-LDS)
      • LDAP attribute is not written during password reset
      • LDAP attribute is not checked in the following authentication modules: Data-Store, LDAP, AD
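
The expected behaviour listed in the report, as an added sketch that is not OpenAM code: an in-memory dictionary stands in for the LDAP user store, and `UserStore`, `reset_password` and `authenticate` are hypothetical names. It shows the two pieces the report says are missing: the reset writes the flag, and login consults it only after the password has been verified.

```python
import hashlib, hmac, os, secrets

FORCE_RESET_ATTR = "iplanet-am-user-password-reset-force-reset"  # attribute named in the issue

class UserStore:
    """In-memory stand-in for the LDAP user store (constructed, not OpenAM's API)."""
    def __init__(self):
        self.entries = {}

    def set_password(self, uid, password):
        salt = os.urandom(16)
        digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
        self.entries.setdefault(uid, {}).update(salt=salt, digest=digest)

    def verify(self, uid, password):
        entry = self.entries.get(uid)
        if entry is None:
            return False
        digest = hashlib.pbkdf2_hmac("sha256", password.encode(), entry["salt"], 100_000)
        return hmac.compare_digest(digest, entry["digest"])

def reset_password(store, uid, force_change):
    """Password reset: store a generated password and record the force-change flag."""
    temp = secrets.token_urlsafe(12)
    store.set_password(uid, temp)
    store.entries[uid][FORCE_RESET_ATTR] = "true" if force_change else "false"
    return temp  # in the real flow this is e-mailed to the user

def authenticate(store, uid, password, new_password=None):
    """Return 'FAILED', 'CHANGE_REQUIRED' or 'SUCCESS'."""
    if not store.verify(uid, password):
        return "FAILED"  # the flag is never consulted before the password is verified
    if store.entries[uid].get(FORCE_RESET_ATTR) == "true":
        if not new_password or new_password == password:
            return "CHANGE_REQUIRED"  # no session until a different password is set
        store.set_password(uid, new_password)
        store.entries[uid][FORCE_RESET_ATTR] = "false"  # cleared only after the change
    return "SUCCESS"
```
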


              • Assignee:
                peter.major Peter Major [X] (Inactive)
                dirk.winkler@outlook.com Dirk Winkler [X] (Inactive)