diff --git a/core/class/class_security.php b/core/class/class_security.php
index 8b0aa9bc7ae0c52fc485ce9c52568b9864dd69d1..97f9628a0d2efbd97847c73968add0326abb97a5 100755
--- a/core/class/class_security.php
+++ b/core/class/class_security.php
@@ -235,7 +235,7 @@ class security extends Database
                     );
                 }
 
-                if ($array['change_pass'] == 'Y' && !isset($_SESSION['web_cas_url'])) {
+                if ($array['change_pass'] == 'Y' && !isset($_SESSION['web_cas_url']) && !isset($_SESSION['web_sso_url'])) {
                     return array(
                         'user'  => $array,
                         'error' => $error,
diff --git a/core/class/users_controler.php b/core/class/users_controler.php
index 349fb16c1d0a803c037c49a1b891e8ca7326594a..7f67735e7bac4d083030108b2e59a4ec3f8f62e8 100755
--- a/core/class/users_controler.php
+++ b/core/class/users_controler.php
@@ -401,7 +401,7 @@ class users_controler extends ObjectControler implements ObjectControlerIF
             $sec = new security();
             $user->password =  $sec->getPasswordHash($params['userdefaultpassword']);
 
-            if($_SESSION['config']['ldap'] == "true" || isset($_SESSION['web_cas_url'])){
+            if($_SESSION['config']['ldap'] == "true" || isset($_SESSION['web_cas_url']) || isset($_SESSION['web_sso_url'])){
                 $user->change_password = "N";
             }