Password Reset Doesn't Work With Post Authentication Rule To Use Duo's (Third Party) Second Factor Authentication.
(Doc ID 2443721.1)
Last updated on SEPTEMBER 22, 2023
Applies to:
Oracle Access Manager - Version 11.1.2.3.0 and later
Information in this document applies to any platform.
Symptoms
In an OAM-OIM integrated environment, access is granted to a protected application for a user whose password has expired.
EXPECTED BEHAVIOR
User should be redirected to "Change Password Flow"
ACTUAL BEHAVIOR
User is granted access to resource even with expired password.
Changes
Setup
1. User has attributes as below
'if condition is true' - switch to a two factor authentication scheme that uses Duo's plugin (third party)
Login flow
1 - Go to the OAM login page and provide LDAP credentials with an expired password
2 - Get redirected to Duo's SFA page, where push notification is selected
3 - Get redirected to their app; no password change is required anywhere in the flow.
Ideally the user should be forced to change password after step #2 above.
Cause