
OIM R2PS2: Cannot Enter Same Password If A Password Policy Which DisAllows Past Passwords Is Attached to Both Resource and Organization to Which A User Belongs in OIM (Doc ID 2130130.1)

Last updated on APRIL 24, 2016

Applies to:

Identity Manager - Version to [Release 11g]
Information in this document applies to any platform.


OIM R2PS2: When a password policy with the DISALLOW PAST PASSWORDS attribute set is in place and a user's OIM password (USR table) and an account password (e.g. UD_ADUSER table) are set to the same value, OIM reports that the account password is invalid because it is one of the past passwords used.

The issue can be reproduced at will with the following steps:

1. Create a password policy and set Disallow Past Passwords to a value of 2
2. Set the password policy on the Xellerate Users organization
3. Associate the password policy with the Resource Object
4. Create a user in the Xellerate Users organization
5. Provision a new account to the user that has the password policy set in step 3
6. Reset the password for the OIM user to P@ssw0rd123
7. Reset the password for the account
8. Enter the password P@ssw0rd123
9. An error is received even though the account has never had this value set before 

The log appears as below:

<16 11:45:37 AM CST> <Warning> <oracle.iam.platform.kernel.impl> <BEA-000000> <Orchestration validation failed on the event handler - An error occurred in class oracle.iam.provisioning.handlers.ChangeAccountPasswordValidationHandler/validate while changing the password for account with id 521 and the cause of error is The following password policy rules were not met:Password must not be one of 2 previous passwords.


