Hello Everyone,
I am facing an issue when a users logs in with expired password that has authenticated using Risk Based Policy. The configurations are as follows:
- I have defined a Risk Based Policy that authenticates users via Form based method.
- This method uses a default class and a custom form
- The contract being used has "Password expiration servlet defined" and RiskBasedMethod selected that triggers the risk policy.
So, as per this configuration when a user logs in with expired password, then it should be redirected to the URL defined in the Password expiration servlet defined. Instead it results in 500 internal error
Note that this configuration works fine and user is redirected to the SSPR page when I use same method directly in the contract instead of using a Risk Based method.
My NAM version is 5.0.2.0-309