This discussion is archived
2 Replies Latest reply: May 10, 2012 11:22 AM by 805543 RSS

User Interface Login with expired password

805543 Newbie
Currently Being Moderated
Greetings all;

I have a Sun IDM/Oracle Waveset 8.1.1 implementation where most users have two AD resources, lets call them AD1 and AD2.
An administrator may reset, or change a user's password, which also sets the password to 'expired', so that the next time the user logs in, the system will require the user to change their password once again.

On the user interface, the user logs in with their expired password, at which point the system requests the user change their password. On success, the system changes the password for the resource they have authenticated with (AD1). I can't seem to find the workflow or object to customise so that the system will change the password on both AD1 and AD2. Can anyone point me to the correct object?

Thanks,
Sean
  • 1. Re: User Interface Login with expired password
    801120 Explorer
    Currently Being Moderated
    Hi Sean,

    As per your statements below, it seems you authenticate user by AD1 and are able to change password on AD1.
    So it’s clear that your IDM user interface has been customized and set Login Module Groups on AD1 by default login Module is set on “Identity System User ID / Password Login Module”.
    Login Module means from which resource you want to authenticate user and get him/her logged in IdM application.
    So please check your user Interface login Modules and add AD2 resource as well, after that you will see after changing the password it will change the password on AD2 as well.
    Below is the Tabs name you can see you login Module name and there is Button “Manage login Module Groups” once you click on that you will go to login modules page.
    Security—Login- User Interface

    Hope that will help you!!!
  • 2. Re: User Interface Login with expired password
    805543 Newbie
    Currently Being Moderated
    Hi Jay;

    Thank you for your response. Unfortunately AD1 and AD2 are already listed on the login module group for the User Interface as 'sufficient'. It seems whichever module is listed first is the one that has the password RESET performed on when the user supplies the new password.

    I figured there must be a delivered workflow somewhere where I can specify which resources to change the password on - especially if this does not work as you, and I would have expected.

Legend

  • Correct Answers - 10 points
  • Helpful Answers - 5 points