Enabling password invalidation
Password invalidation, when enabled, requires WebSphere Commerce users to change their password if the user's password is expired. In this case, the user is redirected to a page where they are required to change their password. Users are not able to access any secure pages on the site until they change their password.
Procedure
What to do next
Commands can be configured to be exempted from the password
invalidation feature. By default, the following commands are exempt
as they involve changing or resetting a users password:
- ChangePassword
- ResetPassword
- AjaxResetPassword
- PersonChangeServicePasswordReset
- AjaxPersonChangeServicePasswordReset
Additional commands can be exempted by specifying the command in a custom properties file WC_eardir\xml\PasswordInvalidationExemptionExtension.properties.