Hi,
In the microsoft management tools there is a checkbox: "user must change
password at next logon". If I check that box, keycloak 2.5 gives us a
logon failure.
Perhaps it would be only a rather small change, to map that MSAD
checkbox ("Pwd-Last-Set" = 0) to the equivalent in keycloak:
"credentials" / "temporary" switch. So the next time a user is asked
to
change his/her password.
More MS info here:
https://msdn.microsoft.com/en-us/library/ms679430
And, and thanks very much very much for the recent fix of issue 2333, on
MSAD password policies! Much appreciated! :-)
MJ