PSSO 2.0: is previous password expected to unlock keychain?

Wondering if others have encountered this issue with PSSO 2.0.

We are observing that if, after registration, a user changes their IDP password, they may be prompted for their previous password in order to unlock the Keychain. We are trying to determine if this is expected behavior or if there is a way to avoid it.

To reproduce this, the flow would be as follows:

  • user registers with PSSO
  • user logs out and logs back in with their IDP password
  • user is authenticated (and not prompted for previous password)
  • user logs out
  • user changes their IDP password on another machine
  • user logs in and is prompted to use their previous password to unlock the Keychain.

Failure to provide the previous password nukes the Keychain, which is not an outcome we want.

Any insight anyone has on this issue would be most welcome.

Thanks
