Uploaded image for project: 'OpenAM'
  1. OpenAM
  2. OPENAM-6618

OpenAM "Forgot Password" makes the user change their password twice, if the OpenDJ Password Policy includes "force-change-on-reset"

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Duplicate
    • Affects Version/s: 12.0.1
    • Fix Version/s: None
    • Component/s: authentication
    • Labels:
      None
    • Support Ticket IDs:

      Description

      OpenAM's "Forgot Password" functionality allows the user to set a new password without authenticating - the password change counts as an "administrative" password change. When the user logs in with their new password (which they just set), they are made to change their password again.

        Attachments

          Issue Links

          duplicates

          Improvement - An improvement or enhancement to an existing feature or task. OPENAM-5159 Request to improve REST forgotPasswordReset page flow

          • Major - Major loss of function.
          • Resolved

            Activity

              People

              • Assignee:
                peter.major Peter Major
                Reporter:
                jmichell@thig.com Jeff Michell [X] (Inactive)
              • Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: