My Oracle Support Banner

Password Reset Doesn't Work With Post Authentication Rule To Use Duo's(Third Party) Second Factor Authentication. (Doc ID 2443721.1)

Last updated on FEBRUARY 28, 2019

Applies to:

Oracle Access Manager - Version 11.1.2.3.0 and later
Information in this document applies to any platform.

Symptoms

In OAM-OIM Integrated Environment, access is granted to a protected application for a user who's password has expired,

EXPECTED BEHAVIOR

User should be redirected to "Change Password Flow"

ACTUAL BEHAVIOR

User is granted access to resource even with expired password.



Changes

Setup

1. User has attributes as below 


 'if condition is true'  -  switch to a  two factor authentication  scheme that uses Duo's plugin (third party)

 

Login flow 

1 - Get to OAM login page and provide ldap credentials - with expired password
2 - Redirected to Duo's SFA page where  push notification is selected
3 - Get redirected to their app, no change password is required anywhere in 
the flow. 

Ideally the user should be forced to change password after step #2 above.

Cause

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
Symptoms
Changes
Cause
Solution
References


My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.