My Oracle Support Banner

Soft Token Authentication Not Working If Browser Is Refreshed Without Inputting The Token Code (Doc ID 2830277.1)

Last updated on MAY 12, 2022

Applies to:

Oracle Banking Digital Experience - Version 21.1.0.0.0 to 20.1.0.0.0 [Release 21 to 20]
Information in this document applies to any platform.

Symptoms

ACTUAL BEHAVIOR
---------------
When "Time Based Soft Token" is enabled for any user, and he tries to login, at the time of inputting soft token code,
without entering if the user refreshes the browser, then the user is logged in without any authentication

EXPECTED BEHAVIOR
-----------------------
If "Time Based Soft Token" is enabled, it should validate the code and then dashboard should load.

STEPS
-----------------------
The issue can be reproduced at will with the following steps:
1. Enable "Time Based Soft Token" authentication and login with user credentials.
2. Upon getting the soft token verification popup, refresh the browser window instead of entering the code.
3. The user is logged in without any form of authentication.

BUSINESS IMPACT
-----------------------
The issue has the following business impact:
Due to this issue, users are logged in without authentication.

Cause

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
Symptoms
Cause
Solution
References


My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.