[OPENAM-522] Password Reset Options -> Force Change Password on Next Login does not work
Created: 05/Mar/11
Updated: 11/Apr/18
Resolved: 24/Feb/16

Status: Resolved
Project: OpenAM
Component/s: authentication, console
Affects Version/s: Snapshot9.5.2_RC1
Fix Version/s: None

Type: Bug
Priority: Major
Reporter: timajus
Assignee: Peter Major [X] (Inactive)
Resolution: Won't Fix
Votes: 2
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Windows and Linux (tried on both)

Attachments: JPEG File screenshot.JPG    
Issue Links:
duplicates OPENAM-9801 Password change is not forced on Next... Resolved
is duplicated by OPENAM-9439 Password reset option to force change... Closed
is duplicated by OPENAM-4290 Missing Password Reset Feature "Force... Resolved
Support Ticket IDs:


Well, the problem is simple. The "Force Change Password on Next Login" option in "Password Reset Options" of a Subject does not work in Access Control -> Realm -> Subjects (with amAdmin user). I would like to force a user to change his/her pass on next login but that does not happen: the check on the "Force Change Password on Next Login" checkbox is still there after the user logs in again.

I would like to get it to work on the internal datastore. I've also tried on an Oracle datastore and that does not work either.
Well, I would like not to send a link to the http://openssoserver:port/opensso/password link to make a user change his pass... at least at first access.

Hope you can tell me where I'm wrong or if I'm missing some configuration.
All the best and thanks a lot for your work!

Comment by Peter Major [X] (Inactive) [ 11/Apr/11 ]

After a quick look, it looks like this feature is not implemented; only the setting on the console is done, but nothing else uses this configuration option.
If you have OpenDS/OpenDJ as a userstore then you could use the pwdReset operational attribute. If you change the attribute's value to true, then the user will be forced to change the password, but note that this will only work if you're using the LDAP authentication module. The DataStore module can't handle the "LDAP password reset control", so using that module will result in an authentication failure message.

Comment by timajus [ 12/Apr/11 ]

Thanks Peter for the reply. I will try looking for an OpenDS/OpenDJ and will install it, trying to configure it as a custom datastore for OpenAM to see if that works. I'll keep you updated. All the best

EDIT: I've installed an OpenDS and then created a custom installation of OpenAM.
I've entered the console with amadmin and set the force change pass on next login for the user01 (a sample user I've created). Then I changed the authentication to LDAP, then logged out. After that I entered with user01, which is on the datastore, but nothing changed... no page to change the password appeared. Just the same as before.
The usual detail user page appeared...
Hope you can help me going ahead.
Looking forward.
Thanks in advance,

Comment by Allen Jensen [X] (Inactive) [ 29/Jun/15 ]

Is this really still open? Using 12.0.0 and it seems to still not be possible to have user password change on next login.

Comment by Peter Major [X] (Inactive) [ 24/Feb/16 ]

This is not a planned feature for OpenAM; the setting will be removed with the removal of the legacy password reset service.

Generated at Tue Oct 27 00:40:07 UTC 2020 using Jira 7.13.12#713012-sha1:6e07c38070d5191bbf7353952ed38f111754533a.