Password Policy History Check Not Enforced for Password Reset by Administrator
Last updated on MARCH 08, 2017
Applies to: COREid Identity - Version: 7.0.4 to 10.1.4 - Release: to 10g
Information in this document applies to any platform.
Checked for relevance on 12-Apr-2010
Example scenario: a Lost Password plugin is developed for an OAM-protected application. The plugin necessarily connects with IDXML as an administrator user in order to set the new password that the user specifies after correctly answering multiple challenge questions for identity verification. With this plugin, password history is not checked, so the user can reset their password to a password used in the past.
The custom Lost Password plugin is being implemented in order to present the user with multiple challenge-response questions before they are permitted to reset their lost password. OAM release 10.1.4 provides multiple challenge-response functionality for Lost Password Management out of the box. Release 7.0.4 allows configuration of only a single challenge-response question for the out-of-the-box OAM Lost Password Management functionality.