ForgeRock AM 6.5, OpenDJ

I am trying to ask users to change their password once it has been reset by the admin on ForgeRock AM 6.5 with OpenDJ. I have enabled the force-change-on-reset flag under the password policy along with the pwdReset user attribute.

Surprisingly, after the admin resets the password, the user attribute pwdReset becomes TRUE, but without any prompt or alert to change the password after login. The user continues to use the service the way it is.

The pwdReset field is only disabled when the user manually goes to the settings and changes the password.

How do I force the password reset screen? Am I missing something here? Do I need to create a custom node in order to read the user attributes after login and redirect in case pwdReset is true?

Note: I am not using any custom UI as of now, and only doing my development using the standard out of the box ForgeRock XUI.

Thanks!

tush4r
  • The PasswordPolicy response controls are only taken into account when you use the LDAP auth module. The 'datastore' auth module will not handle them. – Bernhard Thalmayr May 08 '20 at 10:41
  • Yep, I am using LDAP as the authentication module in my tree, but still, it's not happening. – tush4r May 09 '20 at 15:34

0 Answers