E1: SEC: LDAP: SCHED: Users Are Allowed to Set and Use a Long Password (More Than 10 Characters) on JAS and FAT (Development) Clients Login Page, Even the Long Password Feature Is Not Enabled on Tools Release 9.2.2.7 and 9.2.3.1 or Later (Doc ID 3014243.1)

Last updated on APRIL 08, 2024

Applies to:

JD Edwards EnterpriseOne Tools - Version 9.2 and later
Information in this document applies to any platform.

Symptoms

The sign-on page accepts more than 10 characters even though the Long Password Feature is not enabled on Tools Release 9.2.2.7 and 9.2.3.1 or later, on the JAS (E1 HTML) server or FAT (Development) client login page.
This issue is similar to the one described in Doc ID 2179718.1 - E1: SEC: 9.2 Web Sign-on Page accepts more than 10 characters with Disabled Long Password Feature, but it occurs on Tools Releases where the fix for Bug 28841230 or Bug 24587808 is included.

The issue has been observed in the following scenarios:
A. LDAP authentication is enabled, and a password set at the LDAP server level that contains more than 10 characters is accepted at login.
B. Users are able to set a password of more than 10 characters on the JAS server when they are forced to reset their password. On the FAT (Development) client, if a user is prompted to change the password and tries to use a long password, the password is truncated to 10 characters.

If a scheduled job is set up using user credentials that are accepted for logging into JD Edwards from the JAS server login page or the FAT (Development) client login page, validation of the scheduled job fails.

Steps to replicate:

Scenario A
1. Set a password containing more than 10 characters for a user in LDAP while the Long Password Feature is not enabled.
2. Log in on the JAS server or FAT (Development) client as the user whose password was changed in step 1, and notice that the password is accepted and the login is successful.
3. Set up a simple scheduled job (e.g. R006P|XJDE0001) to be submitted by the same user, using the same credentials. On clicking OK in P91300, the scheduled job is not saved and the following error is shown at the bottom of P91300: Error: Password is Invalid.

Scenario B
1. Create a new user and set "Force Immediate Password Change" on.
2. Log in on the JAS server as the newly created user and set a new long password. Notice that the password is accepted and the login is successful.
If the user logs in on the FAT (Development) client and is prompted to change the password, a password that exceeds 10 characters is truncated to 10 characters.
3. Set up a simple scheduled job (e.g. R006P|XJDE0001) to be submitted by the same user, using the same long password that was set on the JAS server login page. On clicking OK in P91300, the scheduled job is not saved and the following error is shown at the bottom of P91300: Error: Password is Invalid.

In both cases, the error reported in P91300 (Schedule Jobs):

 

Cause
