Configuring the Identity Manager Password Controls
When the Identity Manager password controls are configured for user-initiated password reset, the following occur:
-
The Identity Manager Open SSO Resource Adaptor requires the old password.
-
Identity Manager uses the basic change password form.
-
Identity Manager self-change is enabled.
To Configure the Identity Manager Password
Controls
-
Log in to Identity Manager as an administrator.
-
Navigate to the Configure tab.
-
Click on the link "Form and Process Mappings.”
-
Search for the entry "endUserChangePassword. "
In the text field, replace "End User Change Password Form" with "Basic Change Password Form.”
-
Save the changes.
To Test the Identity Manager Password Control
Configuration
-
Log in to Identity Manager as a regular user .
-
Under the "Profile" tab, go to the "Change password" page.
You should see that SunAccessManagerRealm requires the old password.
-
Enter the user's the old password, the new password, and confirmation of the new password,
The user's password should be set in the Directory Server user data store as a "self-change” instead of am "admin-change.” This is especially important if the pwdMustChange or passwordMustChange attributes had been earlier set on the user's profile on the Directory Server. If the self-change configuration is not implemented, when the user logs back into OpenSSO Enterprise, the user will be asked to change his password again
- © 2010, Oracle Corporation and/or its affiliates