The authentication action of type reset-password shows a prompt that asks users to update their password. The action decides whether to show this prompt by looking in the Subject Attributes for the value of the attribute with the configured name.
Fig. 117 The reset password prompt
The following configuration options are available:
true
Normally, this action runs in the login flow of an authenticator such as html-form. It shows the prompt only when an attribute with the configured name (attribute) is found in the Subject Attributes and its value is true. The user then either updates the password or skips the prompt, if the configuration allows skipping.
Note
The action doesn’t update any of the account attributes, so together with this action you probably want to create an event listener that acts on the event PasswordUpdatedCredentialManagerEvent. There you can choose to update your account store so that the next time the user logs in, you don’t ask for another password reset.
Possible Validation Errors (prefixed as message keys with authentication-action.reset-password):
validation.error.password.required: allow-skip==false
validation.error.password.mismatch: password!=password2
validation.error.password.weak
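The behaviour described above, as an added model in plain JavaScript: it is not the product's scripting API or code from this documentation. Every function name, the `must-reset` attribute, the weak-password policy, the dot-joined message keys and the treatment of an empty password as a skip are assumptions made for illustration. It shows why the note matters: until a listener clears the stored flag, the prompt is shown again at the next login.

```javascript
// Model of the reset-password decision, form validation and flag clearing.
// All names here are hypothetical; this is not the product's scripting API.
const PREFIX = "authentication-action.reset-password";

// The prompt is shown only when the configured attribute is present and true.
// Assumption: both boolean true and the string "true" count as set.
function shouldPrompt(subjectAttributes, attributeName) {
  const value = subjectAttributes[attributeName];
  return value === true || value === "true";
}

// Returns the message keys that the submitted form would produce.
// isWeak is a caller-supplied policy (constructed; the page does not define it).
function validate(form, config, isWeak) {
  const errors = [];
  if (!form.password) {
    // Assumption: an empty password is a skip, an error only when skipping is off.
    if (!config.allowSkip) errors.push(`${PREFIX}.validation.error.password.required`);
    return errors;
  }
  if (form.password !== form.password2) errors.push(`${PREFIX}.validation.error.password.mismatch`);
  if (isWeak(form.password)) errors.push(`${PREFIX}.validation.error.password.weak`);
  return errors;
}

// Stand-in for the event listener: on a password update, clear the flag in the
// account store so the next login does not trigger another reset prompt.
function onPasswordUpdated(accountStore, username, attributeName) {
  accountStore[username][attributeName] = false;
}

// Constructed sample data: one account flagged for reset, skipping disabled.
function demo() {
  const config = { attribute: "must-reset", allowSkip: false };
  const store = { alice: { "must-reset": true } };
  const isWeak = (p) => p.length < 12;
  const results = { firstLogin: shouldPrompt(store.alice, config.attribute) };
  results.empty = validate({ password: "", password2: "" }, config, isWeak);
  results.ok = validate({ password: "correct horse battery", password2: "correct horse battery" }, config, isWeak);
  // Without the listener the stored flag is unchanged, so the prompt repeats.
  results.withoutListener = shouldPrompt(store.alice, config.attribute);
  onPasswordUpdated(store, "alice", config.attribute);
  results.withListener = shouldPrompt(store.alice, config.attribute);
  return results;
}

console.log(demo());
```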
Internal errors at runtime might occur, if
subject