Change Password on Next Login – Custom Redirect

This topic has 0 replies, 1 voice, and was last updated 4 years ago by chris-fry.


    Hi all,

    I have an existing Access Manager (AM) implementation that is functioning correctly using FR Directory Services (DS) as the user data store.

    I’d like to implement a solution that allows an admin to flag an account for “Change Password on Next Login” using the ‘iplanet-am-user-password-reset-force-reset’ attribute in DS, then redirects the user to a custom application next time they log in.


    I’ve been trying to implement this using a simple server-side JavaScript authentication module that executes after the first LDAP module. I can pass the user through if the attribute is not set, but am struggling with the redirect logic when it is set to true.

    Authentication Module Script below:

    // Fail this module when the account is flagged for a forced password change.
    if (getChangePasswordNextLogin()) {
        authState = FAILED;
        // Want to redirect a user here
    } else {
        authState = SUCCESS;
    }

    // Returns true only when the force-reset attribute in DS holds the value 'true'.
    function getChangePasswordNextLogin() {
        var getChangePasswordNextLogin = idRepository.getAttribute(username, "iplanet-am-user-password-reset-force-reset");
        // Attribute missing or empty: treat the account as not flagged.
        if (getChangePasswordNextLogin == null || getChangePasswordNextLogin.isEmpty()) {
            return false;
        } else {
            var change = getChangePasswordNextLogin.iterator().next();
            if (change == 'true') {
                return true;
            } else {
                return false;
            }
        }
    }

    Is this a reasonable approach? If so, how can I redirect the user to the password app?
