Password Changes in the SSO Environment 

When users log on with passwords the system checks whether the password needs to be changed. Possible reasons for changing the password are that it is set to initial or has expired.

If the user logged on through user/password query or through basic authentication, the user has to change the password.

If the logon was through, for example, an SSO certificate, rather than through user/password query, parameter login/password_change_for_SSO is used to determine how the system should behave.

·        login/password_change_for_SSO=0

The obligation to change the password is ignored.

No password change dialog box is displayed.

·        login/password_change_for_SSO=1 (default setting)

The password must be changed or deleted.

The password change dialog box appears with an additional delete button.

·        login/password_change_for_SSO=2

The password change dialog box appears and the password must be changed (input: old and new password).

·        login/password_change_for_SSO=3

The password can only be deactivated.

The password is automatically deactivated and no dialog box appears.

Note: Once the password has been deleted the user cannot log on with this password again. The system administrator must assign a new password.