Account Not Locked If 'Current Password' Is Incorrectly Entered 3 Times During 'Force Change Password' When OAM Password Policy Is in Place.
Last updated on SEPTEMBER 21, 2016
Applies to:Oracle Access Manager - Version 126.96.36.199.0 and later
Information in this document applies to any platform.
1] Consider a user 'user001' who requests the admin team for a password reset.
2] Admin resets the password to 'Oracle12345'.
3] Login to the application(protected with Oracle Access Manager (OAM)) with username mk001 and password Oracle12345.
4] Force change password window appears.
5] Enter the current password as (some random value) 'asdkfjghfasdljgfadljgfhdalkjghl'
6] Enter in New and confirm password fields a password that meets the password policy e.g. Welcome1234
7] Click on 'Change Password'
8] Repeat steps 5 to 7 for 3 times
After 3 invalid attempts the user account must get locked and error message.
User account is not getting locked. User can continue to enter incorrect current password - we tested till 9 attempts.
Sign In with your My Oracle Support account
Don't have a My Oracle Support account? Click to get started
My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms