Password synchronization in OpenIAM is built upon the same infrastructure as the provisioning connectors. To synchronize passwords, we can use the setPassword and resetPassword operations that are found on the Provisioning service. A summary of what these operations do can be found below:
Reset Password
- Generates a password based on policy rules
- Resets the pwdChangeCount to 0
- Sets the resetPwd flag to 1
- Also clears the isLocked flag that is set when a person locks out with incorrect logins.
Set Password
- Validates the password supplied by the user against policy
- Changes the password to what is supplied by the user
- Increments the pwdChangeCount – see the use case below for logic to increment.
- Sets the resetPwd flag to 0
- Sets the PWD_CHANGED to reflect the date time when a password was changed
- Synch's the password with managed systems – if the managed sysId is 0 (primary identity)
Labels: