[OPENAM-4290] Missing Password Reset Feature "Force Change Password on Next Login"
Created: 05/Aug/14  Updated: 05/Aug/14  Resolved: 05/Aug/14

Status: Resolved
Project: OpenAM
Component/s: authentication
Affects Version/s: 11.0.0
Fix Version/s: None

Type: New Feature
Priority: Major
Reporter: Dirk Winkler [X] (Inactive)
Assignee: Peter Major [X] (Inactive)
Resolution: Duplicate
Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

OpenAM on Linux, AD-LDS as User-Store on Windows Server 2008 R2

Issue Links:
duplicates OPENAM-522 Password Reset Options -> Force Chang... Resolved


The OpenAM documentation "Configuring Password Reset" describes the feature "Force Change Password on Next Login":
"When enabled, the user must change her password next time she logs in after OpenAM resets her password."

Expected behaviour:

  • End user opens the reset password page (/openam/password)
  • End user inputs user ID and answers the secret questions
  • A new password is created, stored in LDAP and sent by e-mail to the user (so far, everything is fine...)
  • If option "Force Change Password on Next Login" is selected, LDAP attribute "iplanet-am-user-password-reset-force-reset" should be set to "true"
  • During next login this additional LDAP attribute has to be checked by the authentication module
  • If LDAP attribute value "iplanet-am-user-password-reset-force-reset = true", user must change password during authentication process

This feature is currently not implemented:

  • LDAP attribute "iplanet-am-user-password-reset-force-reset" is included in the OpenAM schema extensions (e.g. for AD-LDS)
  • LDAP attribute is not written during password reset
  • LDAP attribute is not checked in the following authentication modules: Data-Store, LDAP, AD
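
The expected behaviour listed in this ticket, modelled in memory as an added example (not OpenAM code and not part of the original report). The dictionary user store, the function names, the return states and the clearing of the flag after a successful change are assumptions made for illustration; only the attribute name comes from the ticket.

```python
import hmac
import secrets

FORCE_RESET_ATTR = "iplanet-am-user-password-reset-force-reset"  # attribute named in the ticket

# Constructed stand-in for the LDAP user store: DN -> attributes.
# Passwords are kept in clear text only to keep the model short; a directory stores hashes.
directory = {
    "uid=demo,ou=people,dc=example,dc=com": {"userPassword": "old-secret"},
}

def reset_password(dn, force_change_on_next_login):
    """Reset step: store a generated password and, if the option is on, set the flag."""
    entry = directory[dn]
    new_password = secrets.token_urlsafe(12)
    entry["userPassword"] = new_password
    if force_change_on_next_login:
        entry[FORCE_RESET_ATTR] = "true"
    return new_password  # this is the value that would be e-mailed to the user

def flag_is_set(entry):
    # Attribute values may differ in case; a missing attribute means "not forced".
    return str(entry.get(FORCE_RESET_ATTR, "false")).strip().lower() == "true"

def authenticate(dn, password):
    """Login step: verify the credentials first, then check the force-reset flag."""
    entry = directory.get(dn)
    if entry is None or not hmac.compare_digest(
            entry["userPassword"].encode(), password.encode()):
        return "FAILED"
    if flag_is_set(entry):
        return "PASSWORD_CHANGE_REQUIRED"  # no session until the password is changed
    return "SUCCESS"

def change_password(dn, current, new):
    """Forced change: re-verify the current password, reject reuse, then clear the flag."""
    if authenticate(dn, current) == "FAILED":
        return False
    if hmac.compare_digest(current.encode(), new.encode()):
        return False  # the e-mailed password must not survive the forced change
    entry = directory[dn]
    entry["userPassword"] = new
    entry.pop(FORCE_RESET_ATTR, None)  # assumption: cleared only after a successful change
    return True
```

With the option disabled, `reset_password` leaves the attribute unset and the e-mailed password logs in directly, which is the behaviour the ticket reports for the Data-Store, LDAP and AD modules.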
