|Applies To||RSA Access Manager 6.1.4 (SP4)|
AxM 6.1.4: How to obtain a users old password in a password hook event.
The PasswordHookEvent(sirrus.da.admin.User user, String password, String eventType, StringBuffer exceptionMessage) does not have access to the users old password.
|Cause||The password hook event is generated whenever any action changes the users password. There are two adminAPI calls that lead to this event:|
1. The adminAPI call setPassword has no knowledge of the users current password, it is not available to this call in any manner!
2. There is a separate adminAPI call resetPassword that is intrinsically aware of the users current password as it is used as an authentication parameter in the call.
In the release version of Access Manager 6.1.4, there was no feature to return the old password.
|Resolution||A change has been introduced in hofix 188.8.131.52 for RSA Access Manager 6.1.4 that adds the ability to retrieve the users old password in the PasswordHookEvent. Note that *only* passwords changed with resetPassword will return a result. If setPassword was used to change the password, then the call will return a null. |
public PasswordHookEvent(User user, String password, String oldPassword, String eventType, StringBuffer exceptionMessage)
|Legacy Article ID||a60891|