Error Description
In the UMC, a teacher (user account with admin rights for their school) can select a student under “School Administration” → “Passwords (Students)”, assign a new password, and check the box “User must change password at next login.”
After the student logs into the portal (using the newly assigned password), they are prompted to change the password, but the password change fails with the following message:
Password change failed.
The following works though:
Setting a password for a user (not resetting) as an admin via UMC.
Changing one’s own password through the “Burger Menu” at the top right or via the “Change Password” button after logging into the portal.
Explanation
During the Single Sing On the password expiry is checked and if expired the user has to change the password. By default the password change request goes to the internal name of the UCS system. In some setups this may not work, for example if the system is available under an external name that is different to the internal UCS name.
Solution
The server that is used for password changes can be configured with a UCR variable, which defines the FQDN of the UCS instance used to change user passwords:
ucr set ucs/server/sso/password/change/server=$FQDN
service apache2 restart