April 7, 2016 at 10:38 am #9354 AbhishekB (Participant)
I have deployed OpenAM 13.0.0 in my environment. I am making use of embedded OpenDJ as configuration and data store.
I want to force users to change their password upon first log on after their accounts are created in embedded OpenDJ by importing LDIF, and also when the OpenAM administrator resets a user's password.
To achieve this, I followed these steps:
1. Configuring a separate Authentication Chain which uses the LDAP authentication module rather than the DataStore authentication module, which is used OOTB.
2. Under Authentication->Settings->Core, point the Organization Authentication Configuration to the newly created Authentication Chain, while Administrator Authentication Configuration is still using the default ldapService authentication chain.
3. Under Configuration->Global->Password Reset, enable ‘Force Change Password on Next Login’ checkbox.
4. Load users with “pwdMustChange: true” and “pwdReset: true” attributes.
Now, after I load users into OpenDJ and a user tries to access the OpenAM console, the user is not redirected to the password change page. Also, I tried changing the password for the user using the OpenAM administrator account, and then the user tried to log in. Again, no forced password change.
Abhishek

August 8, 2017 at 12:15 pm #18379 aktokas (Participant)
Hi Abhishek, any updates on how you resolved the above-mentioned issue? I am doing a POC on OpenAM and I am stuck at the exact same issue.
Thanks and Regards,
Akshay

August 8, 2017 at 9:12 pm #18389 Peter Major (Moderator)
The “Force Change Password on Next Login” setting in the Password Reset service never actually worked.
The thing is that the rest of the steps sound correct: you can force a password reset by setting the pwdReset: true attribute in the user entry and then trying to authenticate with the LDAP authentication module.
Additionally you can configure the password policy in OpenDJ to force a password change upon creation or password reset.
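
A pre-import check for the LDIF loading step in the question and the pwdReset advice in the reply above, as an added example that is not part of the original thread: it parses an LDIF file and lists the accounts that carry a userPassword but no pwdReset: true. The sample LDIF, its DNs and passwords, and the function names are constructed for illustration.

```python
import base64

# Constructed sample export; DNs and passwords are made up for illustration.
SAMPLE_LDIF = """\
dn: uid=alice,ou=people,dc=example,dc=com
userPassword: Initial-Pass-1
pwdReset: true

dn: uid=bob,ou=people,dc=example,dc=com
userPassword:: SW5pdGlhbC1QYXNzLTI=

dn: uid=carol,ou=people,dc=example,
 dc=com
userPassword: Initial-Pass-3
pwdReset: FALSE

dn: ou=people,dc=example,dc=com
ou: people
"""

def parse_ldif(text):
    """Yield one dict per entry: lower-cased attribute name -> list of values."""
    lines = []
    for line in text.splitlines():
        if line.startswith(" ") and lines:
            lines[-1] += line[1:]             # RFC 2849 folded continuation
        else:
            lines.append(line)
    entry = {}
    for line in lines + [""]:                 # trailing "" flushes the last entry
        if not line.strip():
            if entry:
                yield entry
            entry = {}
        elif not line.startswith("#"):
            name, _, rest = line.partition(":")
            if rest.startswith(":"):          # "attr:: value" is base64-encoded
                rest = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
            entry.setdefault(name.strip().lower(), []).append(rest.strip())

def missing_forced_change(text):
    """Return DNs of entries that carry a password but not pwdReset: true."""
    return [e.get("dn", ["<no dn>"])[0] for e in parse_ldif(text)
            if "userpassword" in e
            and "true" not in [v.lower() for v in e.get("pwdreset", [])]]

if __name__ == "__main__":
    for dn in missing_forced_change(SAMPLE_LDIF):
        print("no forced change:", dn)
```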