OAM 11R2: OAM do Not Handle Back End Password Policies
(Doc ID 1640915.1)
Last updated on OCTOBER 19, 2023
Applies to:
Oracle Access Manager - Version 11.1.2.1.0 and laterInformation in this document applies to any platform.
Symptoms
OAM 11.1.2.1.0 experiences a bug that has been fixed since 11.1.1.5.1 (Doc ID 1447650.1).
The code for password expired "OAM-10" is not propagated to the custom login page.
Instead Code OAM-1 or OAM-2 is propagated (depending on the server error mode in the Access Manager settings).
In the log of the managed server in the OAM-Domain we can see the correct exception / warning coming from the LDAP. But this seems to be mapped to the wrong code by OAM.
This behavior contradicts the documentation (Administrator's Guide for OAM 11.1.2, Chapter 11.4.1, E27239-03).
The Problem shows up regardless of the Authentication module using LDAP_OID or a custom Plugin (based on the LDAPPlugin).
Switching the server error mode in the Access Manager settings to Osso10g is a workaround as warning code pwd_expired_err is correctly propagated.
Changes
Use OID and OAM password policy in parallel.
Cause
To view full details, sign in with your My Oracle Support account. |
|
Don't have a My Oracle Support account? Click to get started! |
In this Document
Symptoms |
Changes |
Cause |
Solution |
References |