My Oracle Support Banner

Security Answers Are Allowed Duplicate When "Allow Duplicate Response" Is Unchecked In Password Policy (Doc ID 2429441.1)

Last updated on APRIL 03, 2019

Applies to:

Identity Manager - Version and later
Information in this document applies to any platform.


Security answers are allowed duplicate response/answers even when "allow duplicate response" checked or unchecked 

Steps to reproduce the issue:
1. Login to identity self service with System Administrator user and Click on "Manage" tab and Select Password Policies Under Policies.
2. Search with a password policy (for example:"Default Policy") and Select the policy and Click on Edit.
3. Under "Challenge Options" , Uncheck the "Allow Duplicate Responses" attribute.
4. Create a user (End User) with password in a organization where a password policy (For example:"Default Policy") is attached.
5. Login self service as a test user (End user) and provide the new and old password and
6. Set the security(challenge) questions and answers as like below.
    Question1: What is the mother's maiden name?
    Answer 1 : TESTANSWER
    Question2: What is the city of your birth?
    Answer 2 : testanswer
    Question3: What is your favorite color?
    Answer 3 : Black
7. Now End user is allowed to set/update the duplicate security answers as like (TESTANSWER  & testanswer) for two different questions.

Note: The same behavior when End user is setting through My information page also.


To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.