OpenIDM / OPENIDM-1583

OpenIDM should not enforce the REAUTH_REQUIRED policy for openidm-cert role.


Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: OpenIDM 2.1.0, OpenIDM 2.1.1, OpenIDM 3.0.0
    • Fix Version/s: OpenIDM 2.1.2, OpenIDM 3.0.0
    • Component/s: Module - Policy
    • Labels: None

    Description

      OpenIDM 2.x currently enforces a re-authentication policy when updating a managed user's password attribute. This policy should not apply to users who authenticated via mutual auth and have the 'openidm-cert' role.

      Mutual auth is used by the OpenDJ account-change-handler plugin and therefore the re-auth policy breaks the plugin's ability to update the user password.

      Workaround:
      1. Edit the OpenIDM conf/policy.json file
      2. Locate the 'password' property section
      3. Update the 're-auth-required' policy to exclude the 'openidm-cert' role by inserting:
      "openidm-cert",
      to the list of 'exceptRoles'.
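
The workaround steps above as a repeatable, idempotent edit. This is an added example, not code from the issue or from OpenIDM. The JSON layout (`resources` → `properties` → `policies` → `params.exceptRoles`), the `managed/user/*` resource name and the two pre-existing roles in the sample are assumptions; compare them with your own conf/policy.json before use.

```python
import json

# Constructed sample in the layout assumed for conf/policy.json (not from a real deployment).
SAMPLE_POLICY_JSON = """
{"resources": [{
  "resource": "managed/user/*",
  "properties": [{
    "name": "password",
    "policies": [
      {"policyId": "not-empty"},
      {"policyId": "re-auth-required",
       "params": {"exceptRoles": ["openidm-admin", "openidm-reg"]}}
    ]
  }]
}]}
"""

def add_except_role(config, role, prop="password", policy_id="re-auth-required"):
    """Add role to exceptRoles of policy_id on every property named prop.

    Returns the number of policy entries changed (0 if the role was already
    listed). Raises LookupError when no such policy exists, so a layout
    mismatch is not mistaken for a successful edit.
    """
    found = changed = 0
    for resource in config.get("resources", []):
        for entry in resource.get("properties", []):
            if entry.get("name") != prop:
                continue
            for policy in entry.get("policies", []):
                if policy.get("policyId") != policy_id:
                    continue
                found += 1
                roles = policy.setdefault("params", {}).setdefault("exceptRoles", [])
                if role not in roles:
                    roles.append(role)
                    changed += 1
    if not found:
        raise LookupError(f"no {policy_id!r} policy on property {prop!r}")
    return changed

def apply_workaround(text):
    # Only the cert-authenticated role is exempted; other policies stay untouched.
    config = json.loads(text)
    changed = add_except_role(config, "openidm-cert")
    return json.dumps(config, indent=2), changed

if __name__ == "__main__":
    patched, changed = apply_workaround(SAMPLE_POLICY_JSON)
    print(patched if changed else "openidm-cert already exempt")
```

Review the resulting 'exceptRoles' list after the edit: every role in it can change a managed user's password without re-authenticating.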

          People

            cgdrake Chris Drake