My Oracle Support Banner

Security Answers Are Allowed Duplicate When "Allow Duplicate Response" Is Unchecked In Password Policy (Doc ID 2429441.1)

Last updated on AUGUST 02, 2018

Applies to:

Identity Manager - Version 11.1.2.3.180111 and later
Information in this document applies to any platform.

Symptoms

Security answers are allowed duplicate response/answers even when "allow duplicate response" checked or unchecked 

Steps to reproduce the issue:
======================
1. Login to identity self service with xelsysadm and Click on "Manage" tab and Select Password Policies Under Policies.
2. Search with a password policy (for example:"Default Policy") and Select the policy and Click on Edit.
3. Under "Challenge Options" , Uncheck the "Allow Duplicate Responses" attribute.
4. Create a test user (End User) with password in a organization where a password policy (For example:"Default Policy") is attached.
5. Login self service as a test user (End user) and provide the new and old password and
6. Set the security(challenge) questions and answers as like below.
    Question1: What is the mother's maiden name?
    Answer 1 : TESTANSWER
    Question2: What is the city of your birth?
    Answer 2 : testanswer
    Question3: What is your favorite color?
    Answer 3 : Black
7. Now End user is allowed to set/update the duplicate security answers as like (TESTANSWER  & testanswer) for two different questions.

Note: The same behavior when End user is setting through My information page also.

Changes

 

Cause

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.