OAM User Is Not Prompted To Change Password With Change On Reset Enabled (Doc ID 1120274.1)

Last updated on MARCH 08, 2017

Applies to:

COREid Access - Version 10.1.4 and later
Information in this document applies to any platform.

Symptoms


Oracle Access Manager (OAM) Password Policy verification has been configured in Access System for users logging into an application protected by OAM.

The configuration steps in the following documentation were completed.

Oracle Access Manager Identity and Common Administration Guide 10g (10.1.4.3)
7.8.5 Implementing Password Policies in the Access System


However OAM Access System is not implementing the password policy when users access the application. Although Change On Reset is enabled in the password policy for the users' domain, after a user's password is reset by the OAM administrator in User Manager, when that user next logs into the Portal application they are not redirected to reset their password.

Steps to Reproduce

1. Login to User Manager as OAM administrator user and retrieve a user using Search facility. Edit the user and change the user's password value.
2. In a new browser session, access the OAM-protected application.
3. The OAM login page is displayed.
4. Submit the credentials for the user whose password was reset in step 1.
5. Login is successful and the Portal application page is displayed.

Expected behaviour: the user should be redirected by OAM to reset password before access to the application page is permitted.


Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms