OAM Force Password Change Does Not Work When Adaptive Authentication Is Enabled

(Doc ID 2094106.1)

Last updated on MARCH 08, 2017

Applies to:

Oracle Access Manager - Version and later
Information in this document applies to any platform.


During force password change and having adaptive authentication is enabled you will observer that it does not work. The flow is:

1. User logs in using Username & password.

2. System determines whether Multi factor authentication is required, based on Post Authentication rule.

3. If user is required to have Multi factor authentication, system will redirect user to One time password page. 

4. user enters the correct OTP

5. System redirect user to landing page

Log Analysis:

There are a number of LDAP 49 wrong password errors.
There are a number of 'could not get user errors'

Line 1662: at oracle.security.am.engine.authn.internal.executor.AuthenticationModuleExecutor.checkAndThrowAuthenticationException(AuthenticationModuleExecutor.java:375)
Line 1703: Caused by: oracle.security.am.engines.common.identity.provider.exceptions.IdentityProviderException: OAMSSA-20027: Could not get user : ststoraelston, idstore: IDSPROFILE-IdentityStore, with exception: oracle.igf.ids.EntityNotFoundException: Entity not found for the search filter (&(|(objectclass=inetorgperson)(objectclass=oblixPersonPwdPolicy))(uid=ststoraelston))..


Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms