March 28, 2017 - Sven Huisman

VMware Identity Manager – change expired password bug

If you use VMware Identity Manager (IDM) to provide access to your apps and desktops to your users, it’s important to remember that IDM is a virtual appliance based on SUSE Linux. Why? Case-sensitive usernames are not an issue in Windows domains. But with Linux systems it does make a difference. Today I discovered that when a user has an expired domain password and logs on to the VMware Identity Manager portal, it matters whether the username contains uppercase letters and whether these uppercase letters are also used during login. If not, the password change is unsuccessful. In my opinion, a bug in IDM.

Here is an example to illustrate this bug:

In Active Directory, I created a user with username: SvenHuisman (capital S and capital H in the username). The user must change the password at next logon.

I log in to the IDM portal with username “svenhuisman” (all lowercase):

I get the message: Password has expired. Please set a new password.

So I enter the old password and the new password twice:

“Your old password is incorrect”. That’s strange, right?

Let’s try again, but now with username “SvenHuisman”:

Again the message “Password has expired”:

After entering the old password and the new password twice, I’m able to log in (and the expired password is changed):

I reported this as a bug with VMware support. I will let you know when I get feedback and when (or if) this will be fixed.
