Instructions on how to enable the feature to verify the current password when changing a password in Identity Manager.
In Identity Manager 12.5SP4, a feature was added that allows the verifying of current passwords during a change password task. This is accomplished through the Logical Attribute Handler called "ConfirmPasswordHandler". This Handler comes with a default Identity Manager installation but is not enabled by default. This knowledge document includes the instructions on how to enable this feature.
By default in an Identity Manager install, the "ConfirmPasswordHandler" is configured. To see this, login to the Management Console and browse to Environments>Your Environment>Advanced Settings>Logical Attribute Handers> ConfirmPasswordHandler. You will see the following:
Notice the attribute name above is |oldPassword|. This is the attribute we need to add to the screen for the Change My Password task. To do this, login to the Identity Manager GUI as an administrator. Browse to the task you want to modify (in our case "Change My Password") and it is suggested that you make a copy of this task to modify. To do this, select to create a new task and you will be prompted to copy an existing task.
Click on the Tabs tab:
Click the pencil icon next to the Profile:
Click the Browse button next to the Screen field:
Here you can select to "Copy" the existing screen if you are creating a copy of the existing task and you don't want to modify the screen for the existing task. Otherwise click the "Edit" button. Click the button to add an attribute to this screen and select |oldPassword| from the drop down:
Change the "Style" to Password. You can also change the "Name" field (as done above) to be a more user friendly name on the screen presented to the user.
Repeat these steps to add the "DisabledState" Attribute to this screen (if it isn't already there). Leave that field as hidden.
Apply these changes and then click Ok at the bottom. On the next screen click "Select". On the next screen click "Ok" and finally on the last screen click "Submit". You should receive a "Task Complete" message.
Note that if you made a copy of the task, you may need to modify your roles so that the task is included for that role.
So now login to Identity Manager as a user who has this new task included and launch the new task. You should see the following screen:
NOTE: If your task fails with the following error on the screen:
Make sure you have added the "DisabledState" attribute to the screen as mentioned above.