000015132 - AM 7.1- Your password has expired. You are required to create a new password

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000015132
Applies ToAuthentication Manager 7.1 on all supported platforms
Appliance 3.0
SP2
Self Service console
Issue

When user is attempting to logon to the Security console they get prompted to change their Password.

Your password has expired. You are required to create a new password

When they attempt to change the password, they get an error message: " Authentication Error. Password change Failed. Please Try Again"


The following exception can be seen in the System log Report

java.lang.NullPointerException, at

java.util.Calendar.setTime(Calendar.java:1032), at

com.rsa.ims.authn.impl.policy.PasswordPolicyLifetimeRequirement.isPasswo

rdChangeRequired(PasswordPolicyLifetimeRequirement.java:118), at

com.rsa.ims.authn.policy.RuntimePasswordPolicy.isPasswordChangeRequired(

RuntimePasswordPolicy.java:123), at

com.rsa.ims.authn.impl.PolicyEvaluatorImpl.isPasswordChangeRequired(Poli

cyEvaluatorImpl.java:120), at

com.rsa.ims.authn.impl.PasswordAuthenticationMethod.checkPasswordChangeR

equired(PasswordAuthenticationMethod.java:518), at

com.rsa.ims.authn.impl.PasswordAuthenticationMethod.login(PasswordAuthen

ticationMethod.java:234), at

com.rsa.ims.authn.impl.handler.MethodLoginHandler.executeMethodLogin(Met

hodLoginHandler.java:88), at

com.rsa.ims.authn.impl.handler.MethodLoginHandler.execute(MethodLoginHan

dler.java:52), at

com.rsa.ims.authn.impl.HandlerChainImpl.executeNext(HandlerChainImpl.jav

a:46), at

com.rsa.ims.authn.impl.handler.HandlerImpl.execute(HandlerImpl.java:160)

, at

com.rsa.ims.authn.impl.handler.PolicyPreloginHandler.execute(PolicyPrelo

ginHandler.java:72), at

com.rsa.ims.authn.impl.HandlerChainImpl.executeNext(HandlerChainImpl.jav

a:46), at

com.rsa.ims.authn.impl.handler.HandlerImpl.execute(HandlerImpl.java:160)

, at

com.rsa.ims.authn.impl.handler.MethodPreloginHandler.execute(MethodPrelo

ginHandler.java:72), at

com.rsa.ims.authn.impl.HandlerChainImpl.executeNext(HandlerChainImpl.jav

a:46), at

com.rsa.ims.authn.impl.handler.HandlerImpl.execute(HandlerImpl.java:160)

, at

com.rsa.ims.authn.impl.handler.AutoRegistrationHandler.execute(AutoRegis

trationHandler.java:99), at

com.rsa.ims.authn.impl.HandlerChainImpl.executeNext(HandlerChainImpl.jav

a:46), at

com.rsa.ims.authn.impl.handler.HandlerImpl.execute(HandlerImpl.java:160)

, at

com.rsa.ims.authn.impl.handler.SessionPreloginHandler.execute(SessionPre

loginHandler.java:140), at

com.rsa.ims.authn.impl.HandlerChainImpl.executeNext(HandlerChainImpl.jav

a:46), at

com.rsa.ims.authn.impl.handler.HandlerImpl.execute(HandlerImpl.java:160)

, at

com.rsa.ims.authn.impl.handler.UnknownPrincipalIdResolutionHandler.execu

te(UnknownPrincipalIdResolutionHandler.java:65), at

com.rsa.ims.authn.impl.HandlerChainImpl.executeNext(HandlerChainImpl.jav

a:46), at

com.rsa.ims.authn.impl.handler.HandlerImpl.execute(HandlerImpl.java:160)

, at

com.rsa.ims.authn.impl.handler.PrincipalPreloginHandler.execute(Principa

lPreloginHandler.java:174), at

com.rsa.ims.authn.impl.HandlerChainImpl.executeNext(HandlerChainImpl.jav

a:46), at

com.rsa.ims.authn.impl.handler.HandlerImpl.execute(HandlerImpl.java:160)

, at

com.rsa.ims.authn.impl.handler.SessionLookupHandler.execute(SessionLooku

pHandler.java:118), at

com.rsa.ims.authn.impl.HandlerChainImpl.executeNext(HandlerChainImpl.jav

a:46), at

com.rsa.ims.instrumentation.monitor.AuthnMonitor.execute(AuthnMonitor.ja

va:60), at

com.rsa.ims.authn.impl.HandlerChainImpl.executeNext(HandlerChainImpl.jav

a:46)


Error:  "Authentication Error. Password change Failed. Please Try Again"
Cause

The user account used to login to the Security Console is from an External AD identity source. The initial Password Policy is set to prompt the user to change the password every 90 days, thus the user is prompted to change their password.

The Identity source is Read Only thus the user cannot change/Update the AD password. The AD password policy doesn't require the user to change the password.

ResolutionEdit the default and/or relevant password policy in the Security Console and disable "User is required to Change Password" 
 or "Require periodic password changes"
Legacy Article IDa49194

Attachments

    Outcomes