The XUI profile page fails on changing the users password when the default authentication chains has been configured for WDSSO.
When trying to change the password, XUI responds with a "invalid password" message, although the password is correct.
The auth chains is configured like this:
1. WDSSO as SUFFICIENT
2. Datastore (against external OpenDJ) as REQUIRED
The chain is working properly with normal authentication on secured services.
Users with valid Kerberos tickets are authenticated automatically, others provide user/password in the XUI login prompt.
Steps to reproduce:
1. Setup WDSSO authentication against AD (see auth chain above)
2. Enable XUI
3. Verify that authentication without Kerberos is working properly for a chosen user via the login prompt. Remember the password.
You should now be located in the XUI profile screen (.../openam/XUI/#profile/).
4. Hit the change password link and provide old & new credentials for the user.
5. Submit the form and note the error message about an "invalid user or password".
This is reproducable as soon as the WDSSO module is put in the chain.