Why do I like OpenAM that much after all these days (from Sun Access Manager, to Sun OpenSSO, to ForgeRock OpenAM)?
The answer is simple: it's highly flexible.
For automatic generation of a random password after a reset, there is always a default implementation - PasswordGenerator that comes out-of-the-box.
So what if this default implementation does not suit what your customers want? Write your own implementation! That's what I like about it - the flexibility to hook in my own plugin.
For password reset notification, the default implementation - NotifyPassword uses email medium to alert users.
If your customers require a SMS notification, what do you do? Write your own implementation! That's what I like about it. :)
Well, maybe not for those who do not like to code though. :>