Users using the Forgotten Password module within Self-Service Password Reset will have to enter their username twice before they can change their password.

We are using SSPR for Linux version 4.7.0. Users using the Forgotten Password module within Self-Service Password Reset must enter their username twice before changing their password. 

Within the Forgotten Password module, we are using OAuth external verification. Users enter their password and then are sent to our external IDP for authentication, which is expected. However, after they authenticate, they are incorrectly sent back to the "enter your username" page in SSPR. Then, they must enter their username a second time, before they are allowed to change their password. We see "5028 Bad Session Error" in the logs, but are not using a load balancer, so the suggested fix of making the LB sticky does not apply.

We have already opened a ticket with support as well. Has anyone else seen this issue or know of a fix? 

Labels:

Self Service Password Reset