Admin force password reset error #3111

Closed
AselaPathirage opened this issue Sep 12, 2024 · 0 comments · Fixed by wso2/product-apim#13551

Description

Hi Team,

We encountered an error while resetting the password through the email link when using Admin force password reset.

We tried this approach after enabling password recovery via email.
Once the Admin force password reset request is invoked, the user will receive an email with a link to reset their password. After clicking the link, the user will be able to set a new password, which will then be updated in the system. But the user is then redirected to the error page, and an error trace is logged in the carbon log.

Steps to Reproduce

  1. Enable password recovery via email [1].
  2. Create a user through Management console and update the email address.
  3. Invoke Admin force password reset via a manual request. Here is a sample curl command.

```bash
curl -X POST --location 'https://<apim_host>:9443/services/UserProfileMgtService.UserProfileMgtServiceHttpsSoap12Endpoint' \
--header 'action: urn:setUserProfile' \
--header 'Content-Type: application/soap+xml' \
--header 'Authorization: Basic <base64encode(super_admin_username:super_admin_password)>' \
--data '<?xml version='\''1.0'\'' encoding='\''UTF-8'\''?>
<soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope" xmlns:mgt="http://mgt.profile.user.identity.carbon.wso2.org" xmlns:xsd="http://mgt.profile.user.identity.carbon.wso2.org/xsd">
   <soap:Header/>
   <soap:Body>
      <mgt:setUserProfile>
         <mgt:username>username</mgt:username>
         <mgt:profile>
            <xsd:fieldValues>
               <xsd:claimUri>http://wso2.org/claims/identity/adminForcedPasswordReset</xsd:claimUri>
               <xsd:fieldValue>true</xsd:fieldValue>
            </xsd:fieldValues>
            <xsd:profileName>default</xsd:profileName>
         </mgt:profile>
      </mgt:setUserProfile>
   </soap:Body>
</soap:Envelope>'
```

  4. Once the request is invoked, the user will receive an email with a link to reset their password. After clicking the link, the user will be able to set a new password, which will then be updated in the system. But the user is then redirected to the error page, and an error trace is logged in the carbon log.

[1] https://apim.docs.wso2.com/en/4.2.0/install-and-setup/setup/security/user-account-management/#enable-password-recovery

Affected Component

APIM

Version

4.2.0

Environment Details (with versions)

No response

Relevant Log Output

No response

Related Issues

No response

Suggested Labels

No response
