User is Not Challenged for Credentials on Additional Browser Tabs When the First Tab is on the OIM Change Password Page (due to passwordExpired)
(Doc ID 2317473.1)
Last updated on OCTOBER 20, 2017
Applies to:Oracle Access Manager - Version 18.104.22.168.0 and later
Information in this document applies to any platform.
After following the solution from the Doc ID 2304335.1 and Doc ID 2304350.1 to setup custom request attribute(s) in an OAM IDP federation flow it has been observed that when the user is on the OIM passwordChange page (due to their password being expired) in one browser tab and a 2nd browser tab is opened and a federated resource is accessed the user is not challenged for credentials nor is the browser redirected to the OIM change password page even though the password has not yet been reset.
To view full details, sign in with your My Oracle Support account.
Don't have a My Oracle Support account? Click to get started!