Account Not Locked If 'Current Password' Is Incorrectly Entered 3 Times During 'Force Change Password' When OAM Password Policy Is in Place.
(Doc ID 2043366.1)
Last updated on OCTOBER 24, 2023
Applies to:
Oracle Access Manager - Version 11.1.2.2.0 and laterInformation in this document applies to any platform.
Symptoms
1] Consider a user who requests the admin team for a password reset.
2] Admin resets the password <VALUE>
3] Login to the application(protected with Oracle Access Manager (OAM)) with <username> and <passssword>
4] Force change password window appears.
5] Enter the current password as (some random valuue
6] Enter in New and confirm password fields a password that meets the password policy
7] Click on 'Change Password'
8] Repeat steps 5 to 7 for 3 times
Expected Result:
After 3 invalid attempts the user account must get locked and error message.
Actual Result:
User account is not getting locked. User can continue to enter incorrect current password - we tested till 9 attempts.
Changes
Cause
To view full details, sign in with your My Oracle Support account. |
|
Don't have a My Oracle Support account? Click to get started! |
In this Document
Symptoms |
Changes |
Cause |
Solution |
References |