Password Reset Via External Users In BCC Does Not Work After Migration From 10.x to 11.3
(Doc ID 2531540.1)
Last updated on JANUARY 15, 2020
Applies to:Oracle Commerce Platform - Version 11.3 and later
Information in this document applies to any platform.
Within the BCC one can bring up External Users under Commerce Merchandising and drill down to External Users used on the Storefront (paging server). One of the editable fields on a users profile is "Change Passwords". When you update the password for a user migrated from 10.x, the external user is unable to use that password to login.
After using the the Change Password feature in the BCC, external users should be able to use that password to log into the storefront.
The issue can be reproduced at will with the following steps:
1. Migrate from 10.2 to 11.3
2. Bring up the BCC
3. Drill down into External Users and fined the use in question
3. Update the password for the user
4) External user should be able to use the new password created from the BCC to login into the storefront
The Personalization Programming Guide generally notes that one should set the alternateUserPasswordHasher on the /atg/dynamo/security/PasswordHasherConfigurer to the passwordHasher used in 10.x. In doing so when the users profile -does not- include a passwordKeyDerivationFunction property on their user profile., the the authentication will use the alternateUserPasswordHasher to authenticate the user. Once authenticated a passwordKeyDerivationFunction will be added to the users profile, with the hashed password from PasswordHasherConfigurer.passwordHasher.
In this use-case, updating the users password via the BCC did not add a passwordKeyDerivationFunction to the ProfileAdapterRepository. The expected result was for a passwordKeyDerivationFunction property to be added to the users profile in the /atg/userprofiling/ExternalProfileRepository
To view full details, sign in with your My Oracle Support account.
Don't have a My Oracle Support account? Click to get started!
In this Document