I have a customer who would like to enable the "Password Reset" feature of HCL Connections Invite for internal Users.
Some background:
- Invite is configured so it creates internal users (can be done via "selfregistration-config.xml")
- Password rest link get send for these users and they can enter a new password, but they get an error after confirming the new password
- The new password actually gets set! But it doesn't get set, if it doesn't adhere to the password policy. There is no different error shown for this scenario
I found a Java class and references to "enableInternalResetPassword" in the files of "Invite.ear", but don't know if there is a way to enable this. I already tried enabling it by setting "enableInternalResetPassword" to "true" in a "Resource Environment Entry" for "InviteConfig".
Any idea how to enable the password reset for internal users?
If it gets set when the password policy is fulfilled, the settings are ok.
It would be a security nightmare, if you can set unsecure passwords and overwrite the policy.
I created an idea to display the password policy and asked for checking password before sending to the server, so the error message would be more clear for the users.
maybe I was a bit unclear. Of course the policy should be enforced. But "internal" Users ALWAYS get an error message after setting a password (I know the feature wasn't intended for internal Users; but I figured it couldn't hurt to ask).
I actually didn't know that the error for external Users is so cryptic as well. And displaying the Policy on the page would be ideal. Upvoted your Idea.