I have a Sun IDM/Oracle Waveset 8.1.1 implementation where most users have two AD resources; let's call them AD1 and AD2.
An administrator may reset or change a user's password, which also sets the password to 'expired', so that the next time the user logs in, the system will require the user to change their password once again.
On the user interface, the user logs in with their expired password, at which point the system requests the user change their password. On success, the system changes the password for the resource they have authenticated with (AD1). I can't seem to find the workflow or object to customise so that the system will change the password on both AD1 and AD2. Can anyone point me to the correct object?
As per your statements below, it seems you authenticate the user by AD1 and are able to change the password on AD1.
So it’s clear that your IDM user interface has been customized and the Login Module Groups set on AD1; by default the login module is set on “Identity System User ID / Password Login Module”.
Login module means the resource from which you want to authenticate the user and get him/her logged in to the IdM application.
So please check your user interface login modules and add the AD2 resource as well; after that you will see that after changing the password it will change the password on AD2 as well.
Below are the tab names where you can see your login module name, and there is a button “Manage login Module Groups”; once you click on that you will go to the login modules page.
Security - Login - User Interface
Thank you for your response. Unfortunately AD1 and AD2 are already listed on the login module group for the User Interface as 'sufficient'. It seems whichever module is listed first is the one that has the password RESET performed on it when the user supplies the new password.
I figured there must be a delivered workflow somewhere where I can specify which resources to change the password on - especially if this does not work as you and I would have expected.