Force Password Change Upon First Login Not Working

This topic has 2 replies, 3 voices, and was last updated 5 years, 3 months ago by Peter Major.

    #9354
     AbhishekB
    Participant

    Hi,

    I have deployed OpenAM 13.0.0 in my environment. I am making use of embedded OpenDJ as configuration and data store.
    I want to force users to change their password upon first logon after their accounts are created in embedded OpenDJ by importing LDIF, and also when the OpenAM administrator resets a user's password.

    To achieve this, I followed these steps:
    1. Configuring separate Authentication Chain which uses LDAP authentication module rather than DataStore authentication module which is used OOTB.
    2. Under Authentication->Settings->Core, point the Organization Authentication Configuration to the newly created Authentication Chain while Administrator Authentication Configuration still using the default ldapService authentication chain.
    3. Under Configuration->Global->Password Reset, enable ‘Force Change Password on Next Login’ checkbox.
    4. Load users with “pwdMustChange: true” and “pwdReset: true” attributes.

    Now, after I load users into OpenDJ and a user tries to access the OpenAM console, the user is not redirected to the password change page. Also, I tried changing the password for the user using the OpenAM administrator account, and then the user tried to log in. Again, no forced password change.

    Thanks,
    Abhishek

    #18379
     aktokas
    Participant

    Hi Abhishek, any updates on how you resolved the above-mentioned issue? I am doing a POC on OpenAM and I am stuck at the exact same issue.
    Thanks and Regards,
    Akshay

    #18389
     Peter Major
    Moderator

    The “Force Change Password on Next Login” setting in the Password Reset service never actually worked.
    The thing is that the rest of the steps sound correct: you can force a password reset by setting the pwdReset: true attribute in the user entry and then trying to authenticate with the LDAP authentication module.
    Additionally you can configure the password policy in OpenDJ to force a password change upon creation or password reset.
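
An added example, not part of the thread or of any ForgeRock code: a pre-import check over the user LDIF that lists person entries lacking `pwdReset: true`, the attribute the last reply says forces the change when authenticating with the LDAP authentication module. The sample entries and function names are constructed for illustration, and only content LDIF (no changetype records) is assumed.

```python
import base64

# Constructed, minimal sample entries (not taken from the thread).
SAMPLE_LDIF = """\
dn: uid=alice,ou=people,dc=example,dc=com
objectClass: inetOrgPerson
pwdReset: true

dn: uid=bob,ou=people,dc=example,dc=com
objectClass: inetOrgPerson

dn: uid=carol,ou=people,
 dc=example,dc=com
objectClass: inetOrgPerson
PWDRESET:: VFJVRQ==

dn: ou=people,dc=example,dc=com
objectClass: organizationalUnit
"""
PERSON_CLASSES = {"person", "organizationalperson", "inetorgperson"}

def parse_ldif(text):
    """Return one {lowercased attribute: [values]} dict per LDIF entry."""
    lines, entries, current = [], [], {}
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]          # unfold a continuation line
        else:
            lines.append(raw)
    for line in lines + [""]:             # trailing "" flushes the last entry
        if not line.strip():
            if current:
                entries.append(current)
            current = {}
        elif not line.startswith("#"):
            attr, _, value = line.partition(":")
            if value.startswith(":"):     # "attr:: <base64>" form
                value = base64.b64decode(value[1:].strip()).decode("utf-8")
            current.setdefault(attr.strip().lower(), []).append(value.strip())
    return entries

def users_without_pwdreset(text):
    """Return DNs of person entries that do not carry pwdReset: true."""
    missing = []
    for entry in parse_ldif(text):
        classes = {c.lower() for c in entry.get("objectclass", [])}
        flags = [v.lower() for v in entry.get("pwdreset", [])]
        if classes & PERSON_CLASSES and "true" not in flags:
            missing.append(entry.get("dn", ["<no dn>"])[0])
    return missing
```

Attribute names are matched case-insensitively and folded or base64-encoded values are decoded first, so only entries that genuinely lack the flag are reported.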
