Uploaded image for project: 'OpenAM'
  1. OpenAM
  2. OPENAM-4290

Missing Password Reset Feature "Force Change Password on Next Login"

    XMLWordPrintable

Details

    • New Feature
    • Status: Resolved
    • Major
    • Resolution: Duplicate
    • 11.0.0
    • None
    • authentication
    • None
    • OpenAM on Linux, AD-LDS as User-Store on Windows Server 2008 R2
    • Rank:
      1|hzolgf:

    Description

      OpenAM documentation Configuring Password Reset describes the feature "Force Change Password on Next Login":
      "When enabled, the user must change her password next time she logs in after OpenAM resets her password."

      Expected behaviour:

      • End user opens the reset password page (/openam/password)
      • End user inputs user ID and answers the secret questions
      • A new password is created, stored in LDAP and send by E-Mail to the user (as far, everything is fine...)
      • If option "Force Change Password on Next Login" is selected, LDAP attribute "iplanet-am-user-password-reset-force-reset" should be set to "true"
      • During next login this additional LDAP attribute has to be checked by the authentication module
      • If LDAP attribute value "iplanet-am-user-password-reset-force-reset = true", user must change password during authentication process

      This feature is currently not implemented:

      • LDAP attribute "iplanet-am-user-password-reset-force-reset" is included in the OpenAM schema extensions (e.g. for AD-LDS)
      • LDAP attribute is not written during password reset
      • LDAP attribute is not checked in the following authentication modules: Data-Store, LDAP, AD

      Attachments

        Issue Links

          Activity

            People

              peter.major Peter Major [X] (Inactive)
              dirk.winkler@outlook.com Dirk Winkler [X] (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: