CLE with SSPR Integration forces users to change password through SSPR when not wanted

  • 7016390
  • 02-Apr-2015
  • 02-Apr-2015

Environment

CLE 3.8.0.1
SSPR 3.2 HF2
CLE installed with SSPR Configurations
AD environment
No Novell Client installed

Situation

With CLE - SSPR integration passwords MUST be changed through SSPR.  

Unchecking the box for "Change password through SSRP" in the CLE "SSPR Configurations" does nothing.
 
Users are forced to use SSPR to change an expired password even with the "Change password through SSRP" check box unchecked in the CLE configuration

Status

Reported to Engineering

Additional Information

Steps to duplicate:

1. Install SSPR with the options checked for "Enable SSPR Configurations," and  "Force user for challenge response enrollment."  Leave the option for "Change password through SSPR" and "Enable emergency access" unchecked .

2. Expire a user's password in "Active Directory Users and Computers" by resetting the password and checking the box for "user must change password at next login."

3. Login to the workstation.  User will receive a prompt saying "Your account password has expired.  Redirecting to the password reset page for change password,"  and a restricted browser will open to the SSPR link URL.