Users Get Password Expired Message When SSO Enabled
Last updated on JUNE 15, 2017
Applies to:Oracle Demantra Demand Management - Version 22.214.171.124 and later
Information in this document applies to any platform.
Users get password expired message when SSO enabled
We have IDM suite of OAM 11g which is connected to OID 11g as its User Identity Store. The OID has external auth plug-in enabled connected to Active Directory for password validation.
The Demantra 126.96.36.199 is SSO enabled by connected with the IDM suite.
We had some users get password expired during login and when their Demantra local password was reset, further logon went through.
We expect the authentication not to look for password and its status that is in Demantra but it looks like it does.
Please help to understand if any configuration setup to be done in the Demantra to avoid this issue?
For a user, say user id 12345, there is an OID account and an associated local Demantra account per SSO and WNA configuration. User was able to logon to Demantra SSO url without logon prompt per SSO/WNA configuration.
But the issue with some users is when their local account password has expired and they try to login to SSO url, they get the password expired page.
The Demantra Admin goes in Business Modeler and reset the password of the impacted user. This password is not the same as the one in the Active Directory. It can be anythng like welcome123.
Now the user access the SSO url and does not get the password expired page but gets into Demantra home page as it used to be.
The expected behaviour is, because the application is SSO and WNA enabled, the authentication should not look at the local password but the Active Directory.
We suspect that some kind of flag is raised when the local account 12345 gets password expired and the authentication does not proceed further to OAM-OID-AD path.
The Demantra Admin reset the password in Business Modeler. The Windows password or the Active Directory password of the user has never been touched.
Windows password is not expired. The Demantra Admin did not try to find whether the user password expired but just went ahead to reset to some dummy password just to see if the expire page does not come up anymore and it worked as well.
Customer wants to know if there is any parameter or configuration set up needs to change in order to avoid password expired message from some users.
VERSION BUILD SP UPGRADE_DATE
12.2.5 5 7314232 27-MAR-17
12.2.5 10 12250139 23-MAR-17
12.2.5 1 12250219 31-OCT-16
12.2.5 7 12250139 31-OCT-16
12.2.5 2 12250183 26-SEP-16
12.2.5 5 12250166 14-JUL-16
12.2.5 1 12250168 14-JUL-16
12.2.5 5 12250139 14-JUL-16
12.2.5 1 12250131 12-JUL-16
12.2.5 136 0 12-JUL-16
Sign In with your My Oracle Support account
Don't have a My Oracle Support account? Click to get started
My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms