OAM 11g : User Is Able to Change the Password Even If the 'obuseraccountcontrol' Attribute Is Set to DISABLED (Doc ID 2043399.1)

Last updated on SEPTEMBER 21, 2016

Applies to:

Oracle Access Manager - Version 11.1.2.2.4 and later
Information in this document applies to any platform.

Goal

1] Consider a user 'user001' who requested the admin to reset the password.
2] Admin resets the password to 'Oracle12345'
3] Log in to the dummy application using username user001 and password Oracle12345
4] Force change password window appears.
 
At this time an Admin user changes the user.status to DISABLED by modifying the 'obuseraccountcontrol' attribute to Disabled and submitting the changes. Changes are saved successfully on Oracle Unified Directory (OUD).
 
5] User enters the current password as Oracle12345 and enters new and confirm password as Welcome12 (which complies with password policy).
 
6] Click on 'Change Password'
 
Expected Result:
User must not be able to change the password since the account state has been changed to disabled.

Actual Result:
 
User is able to change the password successfully.
 

Solution
