  1. OpenAM
  2. OPENAM-5695

Allow admin users to update user's password without the old password

    Details

    • Type: New Feature
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 11.0.2, 11.0.3, 12.0.0, 13.0.0
    • Fix Version/s: 12.0.3, 13.0.0
    • Component/s: rest
    • Sprint:
      Sprint 81 - Sustaining, Sprint 83 - Sustaining, Sprint 84 - Sustaining, Sustaining Sprint 12

      Description

      Admin users should have the necessary delegation permissions to update the user's password without the old password.
      This operation should be possible with the updating identity REST API as follows:

      curl --request PUT --header "iplanetDirectoryPro: AQIC5...Y3MTAx*" \
       --header "Content-Type: application/json" \
       --data '{ "userpassword": "secret1" }' \
       http://openam.example.com:18080/openam/json/users/demo
      

      If the user who is being updated is actually the same user as the one who performs the operation, the request should be rejected (to enforce that changing the current user's password requires the current password); otherwise the request should be let through and allowed to potentially fail due to not having the necessary delegation permissions that would allow the update of the user entry.
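
The decision described above, modelled as an added example (not OpenAM's code and not part of the original issue). `Identity`, `decide_update`, the `can_modify` delegation callback and the sample admin set are hypothetical names; comparing realm, uid and attribute name case-insensitively is an assumption about the backing data store.

```python
from dataclasses import dataclass
from enum import Enum


class Decision(Enum):
    REJECT_SELF_CHANGE = "reject: changing your own password needs the current password"
    DENY_NO_DELEGATION = "deny: caller lacks delegation permission on the target entry"
    ALLOW = "allow"


@dataclass(frozen=True)
class Identity:
    realm: str
    uid: str

    def key(self):
        # Assumption: the data store treats realm and uid case-insensitively, so
        # "Demo" and "demo" are the same entry. Comparing raw strings would let a
        # self-update slip past the check by changing the case of the URL segment.
        return (self.realm.rstrip("/").casefold() or "/", self.uid.strip().casefold())


# Attribute name taken from the request on the page; LDAP attribute names are
# case-insensitive, so the match is too.
PASSWORD_ATTRS = {"userpassword"}


def decide_update(caller, target, body, can_modify):
    """Model of the PUT /json/users/{uid} decision; can_modify is the delegation check."""
    touches_password = any(name.casefold() in PASSWORD_ATTRS for name in body)
    # Same user setting their own password without the old one: always rejected,
    # even for an admin, before delegation is consulted.
    if touches_password and caller.key() == target.key():
        return Decision.REJECT_SELF_CHANGE
    # Otherwise the request is let through and succeeds or fails on delegation alone.
    if not can_modify(caller, target):
        return Decision.DENY_NO_DELEGATION
    return Decision.ALLOW


# Constructed sample policy: one delegated admin; users may edit their own entry.
ADMINS = {Identity("/", "amadmin").key()}


def sample_can_modify(caller, target):
    return caller.key() in ADMINS or caller.key() == target.key()
```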

              People

              • Assignee:
                quentin.castel Quentin CASTEL [X] (Inactive)
                Reporter:
                quentin.castel Quentin CASTEL [X] (Inactive)
              • Votes:
                1
                Watchers:
                5

                  Time Tracking

                  • Estimated: 6h
                  • Remaining: 0h
                  • Logged: 16h