Password update/change for amadmin

Maintenance
, , ,
1

Hello,
I was trying to update the amAdmin account password from a 12-character password (includes special character) to a new 32-charcter password for our AM via the UI by following the steps detailed here:
https://backstage.forgerock.com/docs/am/7.4/security-guide/securing-administration.html

I logged into the AM UI using the amAdmin account and tried to change the password but unfortunately, I was met with 3 error message toasts: “Forbidden Request Error”, an empty toast, and “Unauthorized Access”. I tried looking in the AM logs but couldn’t seem to find any errors relating to the same.

Could you please let me know what steps I can take to address this or any alternative means to update the amAdmin password?
The backstage reference does not mention any restrictions on password characters or any policy on amAdmin password and the new password does contains multiple special characters and is 32-characters long. Would that be a possible issue?

2

Hi George759,

You might be encountering a known issue where the Config store needs to be added to the Identity store to change the admin password. I’ve shared a workaround below that you can try. If the problem continues or you need more help, please submit a support ticket, and our team will be happy to assist you further.

I hope this helps.

Description:

If the config store is not added as an identity store you are unable to change amadmin password

How to reproduce the issue

  1. Setup OOTB AM
  2. check that the external config store is not in the indentity store ( (Realms > Top Level Realm > Identity Stores)
  3. change the amadmin password as mentioned here for external config store ForgeRock Access Management 7.0.2 > Security Guide > Securing Administrative Access
  4. It will fail and give an error “Forbidden Request Error” and the password will remain the same.
Expected behaviour

amadmin password will be changed

Current behaviour

“Forbidden Request Error”

Work around

Add the config store to idenity store in (AM Realms > Top Level Realm > Identity Stores) this will allow for the amadmin password to be changed.