Hi All,
Can we change the default /passwordReset to any customized forgot password flow? I need to implement custom business logic for forgot password flow. How can I achieve that?
Thanks in advance.
If you are invoking the resetPassword process from the User Self Service, service; the only way I know would be to extend the class.
Please see Overview (OpenAM Server Only 7.5.1-SNAPSHOT Documentation)
Cheers
Hi @grpensa ,
Is there any other approach to trigger a authentication tree when the user clicks on “Forgot Password?” hyperlink?
Very good question. Recall that the standard “forgotPassword” functionality typically targets a url expecting a token be passed to modify the accessed user profile, with administrative permissions to perform the post. That the Auth-N service is not accessed.
(do see the self service rest api).
https://backstage.forgerock.com/docs/am/7.5/user-self-service-guide/uss-forgotten-password.html
I do realize “many” use the Auth-N service to perform identity management. Typically, I don’t.
So, I haven’t done this any other way… but it should be simple enough…. give me a short moment to sort a solution.
I can’t tell from the thread if there is any reason you can’t implement a password reset journey. This would allow building custom business logic.
https://backstage.forgerock.com/docs/am/7.5/authentication-guide/about-authentication-trees.html
Please don’t mis-interpret my response. Of course, you could implement a passwordReset tree.
As Patrick mentioned in another thread, as a safeguard you can always add the forceAuth=true http parameter thus “forcing” the invocation of the tree.