Wednesday, May 04, 2016

ADFS : Expired password

Continuing from ADFS : Adding "Change Password" to the default login page.

This concerned "Change Password" but then I came across a reference to the effect that once this feature was enabled, it also handled "Expired Password".

Now I tried this on Active Directory Federation Services on Server 2016 Technical Preview 4 (ADFS 4.0) but the article states that it works on ADFS 3.0 (Server 2012 R2) as well.

After logging in with an expired password, I got:


Very neat!

However, for "Forgotten Password" (i.e. the user requires a "Reset Password"), you are out of luck.

You could configure one of the configurable strings using PowerShell to say something like "Forgot your password?" and then link that to a custom web site that you would have to create that talks to AD via LDAP.

Obviously there are security constraints with this: the user cannot authenticate, so the reset site needs its own way of verifying identity, e.g. something like "Secret Q & A".
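As an added example (not from the original post), the PowerShell below enables the update-password endpoint mentioned above and sets one of the configurable sign-in page strings to a "Forgot your password?" link. It assumes the ADFS module on a federation server; the reset site URL is a placeholder and the reset site itself is hypothetical.

```powershell
# Added example, not part of the original post. Run on an ADFS federation server.
Import-Module ADFS

# 1. Enable the update-password endpoint (the "Change Password" feature); per the post,
#    once enabled it also handles the expired-password case.
$path = '/adfs/portal/updatepassword/'
Enable-AdfsEndpoint -TargetAddressPath $path
# Publish it through the Web Application Proxy so external users can reach it too.
Set-AdfsEndpoint -TargetAddressPath $path -Proxy $true

# 2. Forgotten passwords are not handled by ADFS, so point users at a separate
#    self-service reset site. PLACEHOLDER URL: replace with your own site, which must
#    verify the user by other means (e.g. security questions) before resetting via LDAP.
$resetUrl = 'https://PLACEHOLDER-reset.example.com/'
Set-AdfsGlobalWebContent -SignInPageDescriptionText (
    "<p><a href='{0}'>Forgot your password?</a></p>" -f $resetUrl)

# 3. Verify the endpoint is enabled and proxied, and that the string was set.
Get-AdfsEndpoint -AddressPath $path | Select-Object AddressPath, Enabled, Proxy
Get-AdfsGlobalWebContent | Select-Object SignInPageDescriptionText

# Endpoint changes take effect after the ADFS service is restarted.
Restart-Service adfssrv
```

The description text is rendered on the sign-in page, so keep it to simple markup and only link to a site you control.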

Enjoy!

3 comments:

Anonymous said...

Do I have to add any claims to receive these values?

Jakub said...

Do I have to add any claims to receive these values?

nzpcmad said...

No.