Logon Loop Grace Period Fails When Using Silent Credential Capture
Last updated on OCTOBER 19, 2016
Applies to:Oracle Enterprise Single Sign-On Suite Plus - Version 220.127.116.11.0 to 18.104.22.168.0 [Release 11g]
Information in this document applies to any platform.
The Logon Loop Grace period setting in the application templates does not work correctly when the silent credential capture feature is enabled in the application template. The user credentials are automatically injected into the application when the user logs into the application the first time after credential capture.
The expected behavior when the Logon Loop Grace Period is enabled would be that the users should be prompted to logon to the application again before the credentials are automatically injected into the logon page.
The issue can be reproduced at will with the following steps:
1. Create application template for application whose logon form (URL) is same as that of log out form (URL).
2. Set Logon loop grace period to silent/prompt and set timer to 10 mins.
3. Logon to the application and enter the new credentials for the first time.
4. Logout of the application and Logon Manager automatically injects the credentials again without prompting the user.
Sign In with your My Oracle Support account
Don't have a My Oracle Support account? Click to get started
My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms