Forgotten password module
SSPR configured to use NMAS
Users are forced to change password after successfully answering challenge questions in forgotten password module.
This is the behavior even if SSPR is configured to use NMAS, and NMAS is configured to email the forgotten password to users. Since NMAS was configured to email password, the expectation was that users would be emailed a password by SSPR. This does not happen.
This is working as designed. Enhancement request has been entered.
Workaround: Configure SSPR to send a password to the user via email. In the SSPR configuratoin manager, on the Modules, Forgotten Password page is an option called "Forgotten Password Success Action. This can be set to email a new password to the user, as opposed to allowing the user to create a new password.