
OAM 11g : User Is Able to Change the Password Even If the 'obuseraccountcontrol' Attribute Is Set to DISABLED (Doc ID 2043399.1)

Last updated on OCTOBER 24, 2023

Applies to:

Oracle Access Manager - Version 11.1.2.2.4 and later
Information in this document applies to any platform.

Goal

1] A user asks the admin to reset the password.
2] The admin resets the password.
3] The user logs in to the dummy application using the username and password.
4] The force change password window appears.

At this point, an admin user changes the user.status to DISABLED by setting the 'obuseraccountcontrol' attribute to Disabled and submitting the changes. The changes are saved successfully on Oracle Unified Directory (OUD).

5] The user enters the current password, then enters and confirms a new password that complies with the password policy.

6] The user clicks 'Change Password'.
 
Expected Result:
User must not be able to change the password since the account state has been changed to disabled.

Actual Result:
 
User is able to change the password successfully.
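
The following is an added illustration, not code from Oracle or from this note: a small Python model of steps 1-6 that contrasts a password-change handler relying on the account state seen at login with one that re-reads 'obuseraccountcontrol' when the form is submitted. The in-memory directory, the ENABLED value, the forceChange flag, the user jdoe and both passwords are constructed assumptions.

```python
# Added illustration, not Oracle code: in-memory model of steps 1-6.
DISABLED = "DISABLED"  # 'obuseraccountcontrol' value named in this note
ENABLED = "ENABLED"    # assumed counterpart value (not given in the note)


def new_directory():
    """Constructed stand-in for OUD: uid -> attribute dict (cleartext for brevity)."""
    return {"jdoe": {"userPassword": "Temp#1234",       # steps 1-2: admin reset
                     "obuseraccountcontrol": ENABLED,
                     "forceChange": True}}              # hypothetical flag


def login(directory, uid, password):
    """Steps 3-4: account state and password are checked once, here."""
    entry = directory[uid]
    if entry["obuseraccountcontrol"] == DISABLED:
        return None
    if entry["userPassword"] != password:
        return None
    return {"uid": uid, "must_change": entry["forceChange"]}


def change_password(directory, session, current, new, recheck_state):
    """Steps 5-6. recheck_state=False models the reported actual result."""
    entry = directory[session["uid"]]
    # Re-read the account state at submit time instead of trusting the login check.
    if recheck_state and entry["obuseraccountcontrol"] == DISABLED:
        return False
    if entry["userPassword"] != current:
        return False
    entry["userPassword"] = new
    entry["forceChange"] = False
    return True


def reproduce(recheck_state):
    """Run steps 1-6 with the admin disabling the account after step 4."""
    directory = new_directory()
    session = login(directory, "jdoe", "Temp#1234")
    directory["jdoe"]["obuseraccountcontrol"] = DISABLED  # admin change saved on OUD
    changed = change_password(directory, session, "Temp#1234",
                              "N3w#Passw0rd", recheck_state)
    return changed, directory["jdoe"]["userPassword"]


if __name__ == "__main__":
    print("no re-check:", reproduce(False))
    print("re-check   :", reproduce(True))
```
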
 

Solution

To view full details, sign in with your My Oracle Support account.
