[OPENAM-8174] OpenAM gives an Internal Server Error when the user tries to reset their password before the minimum password age - ForgeRock JIRA

Details

Type: Bug
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: 12.0.2, 13.0.0, 13.5.0
Fix Version/s: 12.0.3, 13.5.0
Component/s: XUI
Labels:
- EDISON
- release-notes

Target Version/s:

12.0.3, 13.5.0

Sprint:
AM Sustaining Sprint 16, AM Sustaining Sprint 17

Support Ticket IDs:

Description

When OpenAM has a minimum password age established in OpenDJ with a Password Policy, the user will receive an Internal Server Error message in the XUI when they use Change Password instead of a message informing them their password cannot be changed due to the password policy.

Steps to reproduce:

Create a password Policy in OpenDJ with min-password-age set.
- Run dsconfig command in OpenDJ bin
- Select 27 for Password Policy
- Select 3 to edit an existing password policy
- Select 1 for Default Password Policy
- Select 18 for min-password-age and change the value for the min-pasword-age
- Select f to finish and save the changes that have been made
Login to the end user page.
Select "Change Password".
Change the User's password.

This will result in the user receiving an Internal User Error in the XUI even though the IdRepo logs show the following:

ERROR: An error occurred while trying to change password for identity: user.0
org.forgerock.opendj.ldap.ErrorResultException: Unwilling to Perform: The password cannot be changed because it has not been long enough since the last password change
at org.forgerock.opendj.ldap.ErrorResultException.newErrorResult(ErrorResultException.java:232)
at com.forgerock.opendj.ldap.AbstractLDAPFutureResultImpl.setResultOrError(AbstractLDAPFutureResultImpl.java:138)
at com.forgerock.opendj.ldap.LDAPClientFilter$1.modifyResult(LDAPClientFilter.java:326)
at com.forgerock.opendj.ldap.LDAPClientFilter$1.modifyResult(LDAPClientFilter.java:79)
at com.forgerock.opendj.ldap.LDAPReader.decodeModifyResult(LDAPReader.java:1055)
at com.forgerock.opendj.ldap.LDAPReader.decodeProtocolOp(LDAPReader.java:1143)
at com.forgerock.opendj.ldap.LDAPReader.decode(LDAPReader.java:166)
at com.forgerock.opendj.ldap.LDAPClientFilter.handleRead(LDAPClientFilter.java:499)
at org.glassfish.grizzly.filterchain.ExecutorResolver$9.execute(ExecutorResolver.java:119)
at org.glassfish.grizzly.filterchain.DefaultFilterChain.executeFilter(DefaultFilterChain.java:291)
at org.glassfish.grizzly.filterchain.DefaultFilterChain.executeChainPart(DefaultFilterChain.java:209)
at org.glassfish.grizzly.filterchain.DefaultFilterChain.execute(DefaultFilterChain.java:137)
at org.glassfish.grizzly.filterchain.DefaultFilterChain.process(DefaultFilterChain.java:115)
at org.glassfish.grizzly.ProcessorExecutor.execute(ProcessorExecutor.java:77)
at org.glassfish.grizzly.nio.transport.TCPNIOTransport.fireIOEvent(TCPNIOTransport.java:550)
at org.glassfish.grizzly.strategies.AbstractIOStrategy.fireIOEvent(AbstractIOStrategy.java:112)
at org.glassfish.grizzly.strategies.WorkerThreadIOStrategy.run0(WorkerThreadIOStrategy.java:117)
at org.glassfish.grizzly.strategies.WorkerThreadIOStrategy.access$100(WorkerThreadIOStrategy.java:56)
at org.glassfish.grizzly.strategies.WorkerThreadIOStrategy$WorkerThreadRunnable.run(WorkerThreadIOStrategy.java:137)
at org.glassfish.grizzly.threadpool.AbstractThreadPool$Worker.doWork(AbstractThreadPool.java:565)
at org.glassfish.grizzly.threadpool.AbstractThreadPool$Worker.run(AbstractThreadPool.java:545)
at java.lang.Thread.run(Thread.java:745)

Attachments

Issue Links

is related to

OPENAM-6867 changePassword REST endpoint is not returning LDAP issues that are related to a user mistake.

Resolved

Activity

People

Assignee:

Quentin CASTEL [X] (Inactive)

Reporter:

Abel Hoxeng

Votes:

0 Vote for this issue

Watchers:

3 Start watching this issue

Dates

Created:

20/Jan/16 11:57 PM

Updated:

28/Dec/16 5:25 PM

Resolved:

16/May/16 9:54 PM

Time Tracking

Estimated:

Remaining:

Logged: