Password Reset Doesn't Work With Post Authentication Rule To Use Duo's(Third Party) Second Factor Authentication. (Doc ID 2443721.1)

Last updated on SEPTEMBER 22, 2023

Applies to:

Oracle Access Manager - Version 11.1.2.3.0 and later
Information in this document applies to any platform.

Symptoms

In OAM-OIM Integrated Environment, access is granted to a protected application for a user who's password has expired,

EXPECTED BEHAVIOR

User should be redirected to "Change Password Flow"

ACTUAL BEHAVIOR

User is granted access to resource even with expired password.

Changes

Setup

1. User has attributes as below

'if condition is true' - switch to a two factor authentication scheme that uses Duo's plugin (third party)

Login flow

1 - Get to OAM login page and provide ldap credentials - with expired password
2 - Redirected to Duo's SFA page where push notification is selected
3 - Get redirected to their app, no change password is required anywhere in
the flow.

Ideally the user should be forced to change password after step #2 above.

Cause

	To view full details, sign in with your My Oracle Support account.
	Don't have a My Oracle Support account? Click to get started!

In this Document

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.

Password Reset Doesn't Work With Post Authentication Rule To Use Duo's(Third Party) Second Factor Authentication. (Doc ID 2443721.1)

Applies to:

Symptoms

Changes

Cause

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!