OPAM: 11.1.2.3: "Automatically Check In Account" After Last Check Out In Usage Policy Not Working (Doc ID 2264026.1)

Last updated on MAY 21, 2017

Applies to:

Oracle Privileged Account Manager - Version 11.1.2.3.0 and later
Information in this document applies to any platform.

Symptoms

On : 11.1.2.3.0 version, Authentication & Authorization

 OPAM: 11.1.2.3: User can login after "Automatically check in Account" time in "Default Usage Policies" has elapsed since last checkout

Describe the problem
===============
OPAM: 11.1.2.3: User can login after "Automatically check in Account" time in "Default Usage Policies" has elapsed since last checkout.

Expected results: user should not be able to login using the last checkout password after "Automatically check in Account" time has elapsed.

Actual result : user is able to login to the target system using the last checked out password after "Automatically check in Account" time has elapsed.

Provide a step by step test case
================================
(1) Usage Policies --> Default Usage Policies --> Usage Rules -->
Automatically check in account --> Changed from 7200 minutes to 5 minutes.

(2) The server configuration is all defaults

Usage Policy enforcement interval in seconds - 3600
Password Policy enforcement interval in seconds - 3600

(3) Logged into the opam console as a user
My accounts --> password checkout --> note down the password expiry "time and date".

(4) Now login to the target system using the same password after the password expiry time.
================================

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms