Dear colleagues,
we’re facing an issue when trying to reset passwords on target systems using the SCIM API provided by IdentityIQ 8.1p4 (update-account | SailPoint Developer Community).
Problem description:
On some of our applications we have the featureString CURRENT_PASSWORD set and we expect that the current password is validated before setting a new one on the account link.
This works as expected via LCM on all application types in scope.
However we also support use cases which allow password reset via IIQ’s SCIM API.
In this case the “currentPassword” is just ignored: we can provide any value and the password reset is still conducted without checking the currentPassword on the account link.
Expected behavior:
We would expected that the currentPassword is validated also by the SCIM API the same way it works via LCM.
Did anybody else encounter this behavior and did you probably find a workaround?
Will this be fixed in later versions of IIQ?
Your help on this is highly appreciated.
Thanks,
Daniel