OAM 10g: Back Button In 'Password Changed Successfully' Page Does Nothing Or Causes Error ErrReservedURL

(Doc ID 1368266.1)

Last updated on MARCH 08, 2017

Applies to:

COREid Identity - Version: 10.1.4.3 to 10.1.4.3
COREid Access - Version: 10.1.4.3.0 to 10.1.4.3.0]
Information in this document applies to any platform.

Symptoms

Oracle Access Manager (OAM) 10g has been configured for password policy implementation. The OAM password policy has Change On Reset checked so new users or users who have had their passwords reset by an administrator are forced to change their password when they login.

This functionality was working without issue until OAM 10.1.4.3 was patched with Bundle Patch 08 (BP08), BP09 or BP10.

Now after changing their password, when the user clicks the Back button in the 'Password Changed Successfully' page one of two cases occurs:

a) The Back button does nothing. The user is not redirected to relogin using their new password and after that redirected to the protected application page.

b) The Back button causes WebGate error ErrReservedURL. The user is redirected to the following URL when they click the Back button:

http://apphostname.domain:port/oberr.cgi?status%3D400%20errmsg%3DErrReservedURL%20p1%3D%2Fobrar.cgi


Steps to reproduce

1. New user or user whose password has been reset by an administrator accesses an OAM protected resource.
2. The OAM login page is displayed.
3. User submits valid credentials in OAM login page.
4. User is redirected to the OAM Identity System Change Password page.
5. User submits original password and new password (twice).
6. The OAM Identity System 'Password changed successfully' page is displayed with Back button below the text.
7. User clicks the Back button and gets either one of the symptoms a) or b) described above.

Expected result

a) If auto-login after password change is not configured (ref: <> - How to Enable Auto-Login After Password Reset) then after clicking the Back button the OAM login page should be redisplayed: on submitting username and new password the protected resource should be displayed.

b) If auto-login after password change is configured then after clicking the Back button the protected resource should be displayed.


Changes

OAM 10.1.4.3 has been patched with BP08 or BP09 or BP10.

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms