OIM 11g: XL.MaxPasswordResetAttempts System Property is Ignored when Trying to Change User Password in Self-service
Last updated on NOVEMBER 03, 2016
Applies to:Identity Manager - Version 126.96.36.199.0 and later
Information in this document applies to any platform.
**Checked for Relevance 20-Sep-2013**
Whatever the value set for the XL.MaxPasswordResetAttempts system property, when trying to change user password in self-service by providing an incorrect old password, user is still locked out after 5 attempts.
How to exhibit this problem :
1) Suppose XL.MaxPasswordResetAttempts system property has value 10
2) Login to OIM as any "normal" user.
3) Go to Profile->Security->Change Password.
4) Try to change password by providing wrong old password 5 times (each time, get "The password change operation failed while validating old password." popup)
User is locked when it tries to login again and an error message is displayed : "Invalid sign in."
The following traces show up in OIM log file :
<Nov 8, 2011 4:53:28 PM CET> <Notice> <Security> <BEA-090078> <User testuser1 in security realm myrealm has had 5 invalid login attempts, locking account for 30 minutes.
Sign In with your My Oracle Support account
Don't have a My Oracle Support account? Click to get started
Million Knowledge Articles and hundreds of Community platforms