When the Identity Manager password controls are configured for administrator-initiated password reset, the following occur:
The Identity Manager Open SSO Resource Adaptor requires the old password.
Identity Manager uses the basic change password form.
Identity Manager self-change is enabled.
Log in to Identity Manager as an administrator.
Navigate to the Configure tab.
Click on the link "Form and Process Mappings.”
Search for the entry "endUserChangePassword. "
In the text field, replace "End User Change Password Form" with "Basic Change Password Form.”
Save the changes.
Login to Identity Manager as a regular user .
Under the "Profile" tab, go to the "Change password" page.
You should see that SunAccessManagerRealm requires the old password.
Enter the user's the old password, the new password, and confirmation of the new password,
The user's password should be set in the Directory Server user data store as a "self-change” instead of am "admin-change.” This is especially important if the pwdMustChange or passwordMustChange attributes had been earlier set on the user's profile on the Directory Server. If the self-change configuration is not implemented, when the user logs back into OpenSSO Enterprise, the user will be asked to change his password again