Password Policy History Check Not Enforced for Password Reset by Administrator
(Doc ID 726094.1)
Last updated on MARCH 08, 2017
Applies to:COREid Identity - Version: 7.0.4 to 10.1.4 - Release: to 10g
Information in this document applies to any platform.
Checked for relevance on 12-Apr-2010
Example scenario: a Lost Password plugin is developed for an OAM-protected application which necessarily connects with IDXML as an administrator user in order to set the new password specified by the user after the user has correctly answered multiple challenge questions for identity verification. With this plugin password history is not checked so the user can reset their password to a password used in the past.
The custom Lost Password plugin is being implemented in order to present the user with multiple challenge-response questions before they are permitted to reset their lost password. OAM release 10.1.4 provides multiple challenge-response functionality for Lost Pssword Management out of the box. Release 7.0.4 allows configuration of only a single challenge-response question for the out of the box OAM Lost Password Management functionality.
To view full details, sign in with your My Oracle Support account.
Don't have a My Oracle Support account? Click to get started!
In this Document
|This document is being delivered to you via Oracle Support's Rapid Visibility (RaV) process and therefore has not been subject to an independent technical review.|