Security Answers Are Allowed Duplicate When "Allow Duplicate Response" Is Unchecked In Password Policy
(Doc ID 2429441.1)
Last updated on APRIL 03, 2019
Applies to:Identity Manager - Version 220.127.116.11.180111 and later
Information in this document applies to any platform.
Security answers are allowed duplicate response/answers even when "allow duplicate response" checked or unchecked
Steps to reproduce the issue:
1. Login to identity self service with System Administrator user and Click on "Manage" tab and Select Password Policies Under Policies.
2. Search with a password policy (for example:"Default Policy") and Select the policy and Click on Edit.
3. Under "Challenge Options" , Uncheck the "Allow Duplicate Responses" attribute.
4. Create a user (End User) with password in a organization where a password policy (For example:"Default Policy") is attached.
5. Login self service as a test user (End user) and provide the new and old password and
6. Set the security(challenge) questions and answers as like below.
Question1: What is the mother's maiden name?
Answer 1 : TESTANSWER
Question2: What is the city of your birth?
Answer 2 : testanswer
Question3: What is your favorite color?
Answer 3 : Black
7. Now End user is allowed to set/update the duplicate security answers as like (TESTANSWER & testanswer) for two different questions.
Note: The same behavior when End user is setting through My information page also.
To view full details, sign in with your My Oracle Support account.
Don't have a My Oracle Support account? Click to get started!