User is Not Challenged for Credentials on Additional Browser Tabs When the First Tab is on the OIM Change Password Page (due to passwordExpired)
Last updated on OCTOBER 20, 2017
Applies to:Oracle Access Manager - Version 220.127.116.11.0 and later
Information in this document applies to any platform.
After following the solution from the Doc ID 2304335.1 and Doc ID 2304350.1 to setup custom request attribute(s) in an OAM IDP federation flow it has been observed that when the user is on the OIM passwordChange page (due to their password being expired) in one browser tab and a 2nd browser tab is opened and a federated resource is accessed the user is not challenged for credentials nor is the browser redirected to the OIM change password page even though the password has not yet been reset.
Sign In with your My Oracle Support account
Don't have a My Oracle Support account? Click to get started
My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms