We have a requirement to capture a user's password when changed, either after logging in or using secrets, and pushing this password to a different repository as clear text. Does anyone know how this can be done in OpenSSO?
You could write a post authentication plugin which grabs the IDToken2 request parameter and then do whatever you want to do with it. However, pushing a password in clear text isn't a good idea and goes against best practices. I do hope your environment at least uses encryption like SSL to protect the traffic.