Password reset/update with REST for Active Directory

This topic has 2 replies, 2 voices, and was last updated 6 years, 6 months ago by Mirko Teodorovic.

  • #9988
     Mirko Teodorovic
    Participant

    Is it possible to update/reset a password using OpenAM REST?

    https://openam.example.com:8443/openam/json/users/demo?_action=changePassword

    Authentication is based on AD, so a password update would have to change the password for the user on AD.

    #10002
     Scott Heger
    Participant

    If your Data Store config is set up with a user account that has write access to AD and the user whose password is being changed is the user making the change request (i.e. their SSOToken is provided), then yes, it should work.

    #10502
     Mirko Teodorovic
    Participant

    CoreSystem

    amLog:05/10/2016 08:41:03:000 AM EDT: Thread[SystemTimer,5,main]: TransactionId[73a72306-2c89-4c12-903e-3ec8d3e14214-146]
    amSSO.access:FileHandler:TimeBufferingTask.run() called
    amLog:05/10/2016 08:41:03:000 AM EDT: Thread[SystemTimer,5,main]: TransactionId[73a72306-2c89-4c12-903e-3ec8d3e14214-146]
    amSSO.access:FileHandler.flush: no records in buffer to write
    amIdentityServices:05/10/2016 08:41:06:581 AM EDT: Thread[http-bio-8080-exec-10,5,main]: TransactionId[73a72306-2c89-4c12-903e-3ec8d3e14214-257]
    Creating SSOToken for ID: AQIC5wM2LY4SfcxGDH9UYevb4_Tzr7K46rpDQLxH7A6zfrQ.*AAJTSQACMDEAAlNLABMxNDkzNjY4ODA4MjA3MjIzODEwAAJTMQAA*
    frRest:05/10/2016 08:41:06:600 AM EDT: Thread[http-bio-8080-exec-10,5,main]: TransactionId[73a72306-2c89-4c12-903e-3ec8d3e14214-257]
    Mirko%20Teodorovic :: ACTION|CHANGEPASSWORD attempted by id=mirko teodorovic,ou=user,dc=openam,dc=forgerock,dc=org
    frRest:05/10/2016 08:41:06:648 AM EDT: Thread[http-bio-8080-exec-10,5,main]: TransactionId[73a72306-2c89-4c12-903e-3ec8d3e14214-257]
    WARNING: Cannot change password! Mirko Teodorovic:org.forgerock.json.resource.BadRequestException: Old password is incorrect.

    Authentication

    hostName is : emeabgdsieapp03
    amAuthClientUtils:05/10/2016 08:40:59:578 AM EDT: Thread[http-bio-8080-exec-10,5,main]: TransactionId[73a72306-2c89-4c12-903e-3ec8d3e14214-254]
    hostname and fqdnDefault match returning true
    amAuthClientUtils:05/10/2016 08:40:59:579 AM EDT: Thread[http-bio-8080-exec-10,5,main]: TransactionId[73a72306-2c89-4c12-903e-3ec8d3e14214-254]
    retVal is : true
    AuthAgents:05/10/2016 08:41:06:615 AM EDT: Thread[http-bio-8080-exec-10,5,main]: TransactionId[73a72306-2c89-4c12-903e-3ec8d3e14214-257]
    AuthenticatedSharedAgents:isMember:idType = IdType: user, userDN = mirko teodorovic
    AuthAgents:05/10/2016 08:41:06:616 AM EDT: Thread[http-bio-8080-exec-10,5,main]: TransactionId[73a72306-2c89-4c12-903e-3ec8d3e14214-257]
    AuthenticatedSharedAgents.isMember():userDN is null or invalid IdType mirko teodorovicIdType :IdType: user
    AuthAgents:05/10/2016 08:41:06:616 AM EDT: Thread[http-bio-8080-exec-10,5,main]: TransactionId[73a72306-2c89-4c12-903e-3ec8d3e14214-257]
    AuthenticatedSharedAgents.isMember():returning false
    amAuthClientUtils:05/10/2016 09:09:38:808 AM EDT: Thread[http-bio-8080-exec-7,5,main]: TransactionId[73a72306-2c89-4c12-903e-3ec8d3e14214-267]
    Returning host name : emeabgdsieapp03
    amAuthClientUtils:05/10/2016 09:09

    IdRepo

    getSupportedTypes invoked
    DJLDAPv3Repo:05/10/2016 08:41:06:622 AM EDT: Thread[http-bio-8080-exec-10,5,main]: TransactionId[73a72306-2c89-4c12-903e-3ec8d3e14214-257]
    getSupportedOperations invoked
    amIdm:05/10/2016 08:41:06:622 AM EDT: Thread[http-bio-8080-exec-10,5,main]: TransactionId[73a72306-2c89-4c12-903e-3ec8d3e14214-257]
    IdRepoPluginsCache.getIdRepoPlugins retuned for OrgName: dc=openam,dc=forgerock,dc=org Op: Operation: edit Type: IdType: user Plugins: [org.forgerock.openam.idrepo.ldap.DJLDAPv3Repo, com.sun.identity.idm.plugins.internal.SpecialRepo]
    DJLDAPv3Repo:05/10/2016 08:41:06:622 AM EDT: Thread[http-bio-8080-exec-10,5,main]: TransactionId[73a72306-2c89-4c12-903e-3ec8d3e14214-257]
    changePassword invoked
    DJLDAPv3Repo:05/10/2016 08:41:06:646 AM EDT: Thread[http-bio-8080-exec-10,5,main]: TransactionId[73a72306-2c89-4c12-903e-3ec8d3e14214-257]
    ERROR: An error occurred while trying to change password for identity: Mirko Teodorovic
    org.forgerock.opendj.ldap.AuthenticationException: Invalid Credentials
    at org.forgerock.opendj.ldap.LdapException.newLdapException(LdapException.java:150)
    at org.forgerock.opendj.ldap.spi.ResultLdapPromiseImpl.setResultOrError(ResultLdapPromiseImpl.java:142)
    at org.forgerock.opendj.grizzly.LDAPClientFilter$ClientResponseHandler.bindResult(LDAPClientFilter.java:192)
    at org.forgerock.opendj.io.LDAPReader.readBindResult(LDAPReader.java:217)
    at org.forgerock.opendj.io.LDAPReader.readProtocolOp(LDAPReader.java:550)
    at org.forgerock.opendj.io.LDAPReader.readMessage(LDAPReader.java:132)
    at org.forgerock.opendj.grizzly.LDAPBaseFilter.handleRead(LDAPBaseFilter.java:82)
    at org.glassfish.grizzly.filterchain.ExecutorResolver$9.execute(ExecutorResolver.java:119)
    at org.glassfish.grizzly.filterchain.DefaultFilterChain.executeFilter(DefaultFilterChain.java:283)
    at org.glassfish.grizzly.filterchain.DefaultFilterChain.executeChainPart(DefaultFilterChain.java:200)
    at org.glassfish.grizzly.filterchain.DefaultFilterChain.execute(DefaultFilterChain.java:132)
    at org.glassfish.grizzly.filterchain.DefaultFilterChain.process(DefaultFilterChain.java:111)
    at org.glassfish.grizzly.ProcessorExecutor.execute(ProcessorExecutor.java:77)
    at org.glassfish.grizzly.nio.transport.TCPNIOTransport.fireIOEvent(TCPNIOTransport.java:536)
    at org.glassfish.grizzly.strategies.AbstractIOStrategy.fireIOEvent(AbstractIOStrategy.java:112)
    at org.glassfish.grizzly.strategies.WorkerThreadIOStrategy.run0(WorkerThreadIOStrategy.java:117)
    at org.glassfish.grizzly.strategies.WorkerThreadIOStrategy.access$100(WorkerThreadIOStrategy.java:56)
    at org.glassfish.grizzly.strategies.WorkerThreadIOStrategy$WorkerThreadRunnable.run(WorkerThreadIOStrategy.java:137)
    at org.glassfish.grizzly.threadpool.AbstractThreadPool$Worker.doWork(AbstractThreadPool.java:591)
    at org.glassfish.grizzly.threadpool.AbstractThreadPool$Worker.run(AbstractThreadPool.java:571)
    at java.lang.Thread.run(Thread.java:745)

    amIdm:05/10/2016 08:41:06:647 AM EDT: Thread[http-bio-8080-exec-10,5,main]: TransactionId[73a72306-2c89-4c12-903e-3ec8d3e14214-257]
    WARNING: IdServicesImpl.changePassword: Unable to change password following repository org.forgerock.openam.idrepo.ldap.DJLDAPv3Repo :: Plug-in org.forgerock.openam.idrepo.ldap.DJLDAPv3Repo encountered a ldap exception. ldap errorcode=49
    amIdm:05/10/2016 08:41:06:647 AM EDT: Thread[http-bio-8080-exec-10,5,main]: TransactionId[73a72306-2c89-4c12-903e-3ec8d3e14214-257]
    IdServicesImpl.changePassword: Unable to change password in the following repository com.sun.identity.idm.plugins.internal.SpecialRepo :: Plug-in com.sun.identity.idm.plugins.internal.SpecialRepo: Changing user password not supported.
    amIdm:05/10/2016 08:41:06:648 AM EDT: Thread[http-bio-8080-exec-10,5,main]: TransactionId[73a72306-2c89-4c12-903e-3ec8d3e14214-257]
    WARNING: IdServicesImpl.changePassword: Unable to change password for identity user::Mirko Teodorovic in any configured data store
    Message:Plug-in org.forgerock.openam.idrepo.ldap.DJLDAPv3Repo encountered a ldap exception. ldap errorcode=49

    at org.forgerock.openam.idrepo.ldap.DJLDAPv3Repo.changePassword(DJLDAPv3Repo.java:444)
    at com.sun.identity.idm.server.IdServicesImpl.changePassword(IdServicesImpl.java:1832)
    at com.sun.identity.idm.AMIdentity.changePassword(AMIdentity.java:453)
    at org.forgerock.openam.core.rest.IdentityRestUtils.changePassword(IdentityRestUtils.java:83)
    at org.forgerock.openam.core.rest.IdentityResourceV2.actionInstance(IdentityResourceV2.java:1077)
    at org.forgerock.json.resource.InterfaceCollectionInstance.handleAction(InterfaceCollectionInstance.java:34)
    at org.forgerock.json.resource.Router.handleAction(Router.java:241)
    at org.forgerock.json.resource.Router.handleAction(Router.java:241)
    at org.forgerock.json.resource.FilterChain$Cursor.handleAction(FilterChain.java:59)

    I’ve been trying to update the password via the /openam/XUI/#profile/password page.
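A log-triage sketch for debug output like that posted above, added here as an example and not part of the thread or of OpenAM: it groups debug records by TransactionId so the REST-layer changePassword attempt can be tied to the LDAP result code the data store returned. The sample log is constructed in the posted layout, and the function names are hypothetical.

```python
import re

# Constructed sample in the posted layout: a "component:timestamp: Thread[..]: TransactionId[..]" header, then message lines.
SAMPLE = """\
frRest:05/10/2016 08:41:06:600 AM EDT: Thread[http-bio-8080-exec-10,5,main]: TransactionId[example-tx-257]
demo :: ACTION|CHANGEPASSWORD attempted by id=demo,ou=user,dc=example,dc=org
DJLDAPv3Repo:05/10/2016 08:41:06:646 AM EDT: Thread[http-bio-8080-exec-10,5,main]: TransactionId[example-tx-257]
ERROR: An error occurred while trying to change password for identity: demo
org.forgerock.opendj.ldap.AuthenticationException: Invalid Credentials
amIdm:05/10/2016 08:41:06:647 AM EDT: Thread[http-bio-8080-exec-10,5,main]: TransactionId[example-tx-257]
WARNING: IdServicesImpl.changePassword: Plug-in encountered a ldap exception. ldap errorcode=49
amLog:05/10/2016 08:41:03:000 AM EDT: Thread[SystemTimer,5,main]: TransactionId[example-tx-146]
amSSO.access:FileHandler.flush: no records in buffer to write
"""

HEADER = re.compile(r"^([\w.]+):(\d{2}/\d{2}/\d{4} [\d:]+ [AP]M \w+): "
                    r"Thread\[[^\]]*\]: TransactionId\[([^\]]+)\]$")
ATTEMPT = re.compile(r"ACTION\|CHANGEPASSWORD attempted by (id=.+)")
LDAP_CODE = re.compile(r"ldap errorcode=(\d+)")
LDAP_RESULT = {19: "constraintViolation", 49: "invalidCredentials",  # RFC 4511 codes
               50: "insufficientAccessRights", 53: "unwillingToPerform"}

def parse_records(text):
    """Split the log into records of component, timestamp, tx id and message lines."""
    records = []
    for line in (l.strip() for l in text.splitlines()):
        m = HEADER.match(line)
        if m:
            records.append({"component": m[1], "ts": m[2], "tx": m[3], "msg": []})
        elif line and records:
            # Message lines such as "amSSO.access:FileHandler..." are not headers.
            records[-1]["msg"].append(line)
    return records

def failed_password_changes(text):
    """Map each changePassword transaction that hit an LDAP error to its details."""
    by_tx = {}
    for rec in parse_records(text):
        by_tx.setdefault(rec["tx"], []).append(rec)
    findings = {}
    for tx, recs in by_tx.items():
        body = "\n".join(line for rec in recs for line in rec["msg"])
        attempt, code = ATTEMPT.search(body), LDAP_CODE.search(body)
        if attempt and code:
            n = int(code.group(1))
            findings[tx] = {"actor": attempt.group(1), "ldap_code": n,
                            "meaning": LDAP_RESULT.get(n, "unknown"),
                            "components": [rec["component"] for rec in recs]}
    return findings
```
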
