Implementing the “Resetting Forgotten Passwords” functionality as described in the OpenAM Developer’s Guide requires some additional custom code.
It’s pretty straightforward to implement this functionality, and it can be done in 4 steps (per the Developer’s Guide):
- Configure the Email Service
- Perform an HTTP POST with the user’s id
- OpenAM looks up the email address (based on the user id) and sends an email with a link to reset the password
- Intercept the HTTP GET request to this URL when the user clicks the link.
I have made the code available on my GitHub page and you are welcome to use it or modify it.
As described on the README:
- These files are a proof of concept to extend OpenAM’s REST-based password reset functionality
- Add these two files to your OpenAM deployment root (e.g. /tomcat7/webapps/openam)
- Modify the server URLs to the appropriate servers in your environment
- Change the REST Security settings in the OpenAM console (e.g. http://[AM server and port]/openam/forgotPassword.jsp)
The file resetPassword.jsp is an optional file that will display a field for the user to provide their id and will then POST to /json/users?_action=forgotPassword (Step #2 from the Developer’s Guide).
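The Python sketch below is an added example, not the code from the GitHub repository: it builds the Step #2 POST and validates the query string of the intercepted GET before preparing the follow-up reset request. The host name, the `tokenId`/`confirmationId`/`userpassword` field names and the `forgotPasswordReset` action are assumptions based on the Developer’s Guide, so check them against your OpenAM version.

```python
import json
from urllib.parse import parse_qs, urlencode, urlsplit

# Placeholder host; the page only gives "[AM server and port]".
OPENAM = "https://openam.example.com:8443/openam"
# Assumption: query parameters carried by the emailed link.
REQUIRED = ("username", "tokenId", "confirmationId")
# Constructed sample link, not a real token.
SAMPLE_LINK = (OPENAM + "/forgotPassword.jsp"
               "?confirmationId=AAA+bbb=&tokenId=ccc+ddd=&username=demo")


def forgot_password_request(user_id):
    """Step 2: URL and JSON body of the POST that triggers the email."""
    if not user_id or any(ord(c) < 32 for c in user_id):
        raise ValueError("invalid user id")
    url = OPENAM + "/json/users?" + urlencode({"_action": "forgotPassword"})
    return url, json.dumps({"username": user_id})


def parse_reset_link(link):
    """Step 4: extract the values from the intercepted GET request."""
    query = parse_qs(urlsplit(link).query, keep_blank_values=True)
    values = {}
    for name in REQUIRED:
        found = query.get(name, [])
        # Reject missing, empty or duplicated parameters instead of guessing.
        if len(found) != 1 or not found[0]:
            raise ValueError("missing or repeated parameter: " + name)
        value = found[0]
        if name != "username":
            # An unencoded '+' in a base64 token is decoded as a space;
            # restore it so the token is forwarded unchanged.
            value = value.replace(" ", "+")
        values[name] = value
    return values


def reset_request(link, new_password):
    """URL and JSON body of the POST that sets the new password."""
    body = parse_reset_link(link)
    body["userpassword"] = new_password  # assumed field name
    url = OPENAM + "/json/users?" + urlencode({"_action": "forgotPasswordReset"})
    return url, json.dumps(body)
```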
Thanks to @Aldaris and @ScottHeger for providing advice while I was working on this.