(create clean home - to avoid data lost)
set securityPolicy/credentials/password/maxAge, wait to expire password, try to log in with user (like administrator) to midPoint. In GUI you see:
"User doesn't have defined password."
in idm.log is:
DEBUG (com.evolveum.midpoint.model.impl.security.SecurityHelper): Login failure username=administrator, channel=http://midpoint.evolveum.com/xml/ns/public/gui/channels-3#user: password expired