
Password Policy History Check Not Enforced for Password Reset by Administrator (Doc ID 726094.1)

Last updated on MARCH 08, 2017

Applies to:

COREid Identity - Version: 7.0.4 to 10.1.4 - Release: to 10g
Information in this document applies to any platform.
Checked for relevance on 12-Apr-2010

Symptoms

Oracle Access Manager (OAM) password policy history check is not applied when a user password is reset by an Administrator user. 

Example scenario: a Lost Password plugin is developed for an OAM-protected application. After the user has correctly answered multiple challenge questions for identity verification, the plugin necessarily connects with IDXML as an administrator user in order to set the new password specified by the user. With this plugin, password history is not checked, so the user can reset their password to one used in the past.

The custom Lost Password plugin is being implemented in order to present the user with multiple challenge-response questions before they are permitted to reset their lost password. OAM release 10.1.4 provides multiple challenge-response functionality for Lost Password Management out of the box. Release 7.0.4 allows configuration of only a single challenge-response question for the out-of-the-box OAM Lost Password Management functionality.


Cause




Platforms: 1-914CU;

This document is being delivered to you via Oracle Support's Rapid Visibility (RaV) process and therefore has not been subject to an independent technical review.
