OAM - How to enable pwd change when pwd expired in ADAM directory

For self-service password changes through Oracle Access Manager (OAM), OAM will validate the current password using an LDAP bind, and then set the new password. This is fine for a user with a valid current password, but we often have users whose passwords have expired in the directory (Microsoft ADAM) and therefore the bind will fail. This means that users whose passwords have already expired have to go through the "lost password" page (with questions and answers) instead of the usual password change page with just old+new passwords. Unfortunately, this results in help desk calls for users who are unable to remember their questions and answers (probably since they don't use them very often).
What we would like to do is allow users with expired passwords to use the standard password change page.
One possibility, of course, is to turn off password expiration at the directory level and just use OAM's password expiration. However, we have many applications (internal and third-party) that are not behind OAM, but connect directly to the ADAM directory. Turning off native password expiration in the directory would open up a hole, allowing users with expired passwords to continue using those applications.
Before we implemented OAM, we had a custom web page that called the native ADAM/AD ChangePassword method via ADSI, which does work for users with expired passwords. The ADSI method will verify that the current password matches, even if it's expired, and set the new password. We could go back to this custom page, but then the new password is not added to the OAM password history in the obPasswordHistory attribute.
Any ideas for the best way to do this? I don't mind writing custom code, but I want to integrate well with the rest of the OAM password functionality, while avoiding any messy hacks if possible...
Thanks,
Matthew

I think we've already implemented the solution you're describing. We have a custom authentication plugin configured in the Access Server that is able to detect an expired ADAM password and redirect the user.
The problem comes after that. We can redirect the user to the standard Identity Server password change page (/identity/oblix/apps/lost_pwd_mgmt/bin/lost_pwd_mgmt.cgi?program=redirectforchangepwd), where the user enters the old password and new password. However, this page will not allow the user to change the password, because the first thing the Identity Server does is attempt an LDAP bind in order to validate the old password, and a bind won't work.
One thing that I know of that will work, while still validating the old password, is the ADSI ChangePassword method. If I can somehow configure a custom plugin in the Identity Server to call this method instead of the built-in functionality for password changes, that would solve the problem.
Thanks,
Matthew

Similar Messages

  • How to enable users change password in obiee 11g?

    Is there anyone know how to enable users change password in obiee 11g?
    And I have tried the method in obiee 10g, bu it didn't work.
    Any help would be appreciate.

    As per I understand your requirement,
    In your Dashboard create a Presentation variable which receives the value of year you select.
    Now in your analysis, select the year column along with all the measures you want (Actual, plan, Forecast, and what-if, etc).
    Create a filter on Year column and convert it into SQL. Put the condition as:
    "Year" BETWEEN @{Presentaion_Variable} - 1 AND @{Presentation_Variable}
    You will get the result for selected year and the previous year.
    Hope it helps..
    Regards,
    A.K.

  • How to enable History changes in VL02N

    Hi
    I'm a bit confused for I feel like asking a basic question but I have'nt founf the answer after a lon search on ggogle ans SCN.
    The question is : how to enable histroy changes display on VL02N or VL03N ?
    I am sure that change log is on because some users can access this option.
    But for others, the option "changes" is grey in the "Environment" menu.
    I guess this is an athorization issue but I can't find how to fix it (no SU53 for is not possible to click on the option).
    I have checked the role : All activities are ticked for object S_SCD0.
    What did I miss ?

    Hi Serge,
    Do you have track changes active for delivery documents? Are there users that do not have the field grayed out?
    regards,
    Edgar

  • How to enable a ipod  when you forgot the icloud you used to set it up ?

    I had my friend charge my ipod because my charger broke and when I got it back she said that her cusin disabled my ipod on "accident" . So I was like okay cool like whatever I thought it was going to be easy to enable it but when I connected it to itunes it said to type in the icloud you use as well as the password to reciver your ipod and I dont remember it. If I go to the apple store they wont believe that this ataully happened and I have no idea where the recipt is please help this my first time ever having a device linked to apple please please help me !!!!

    Hey ther Jadabigs11,
    It sounds like you either need to find the Apple ID email address that you registered the iPod Touch with, or need to reset the password associated with that email address. If you need to find the email outright, this article will help you do that:
    Apple ID: How to find your Apple ID - Apple Support
    if you need to reset the password, use this article instead:
    Apple ID: Changing your password - Apple Support
    Thank you for using Apple Support Communities.
    Regards,
    Sterling

  • How To Enable Group Layout When Creating Chart in Crystal Reports XI

    Hi
    I Created a chart, and i placed the same on Report Header, when i want to change the layout Option As Group, it is disabled, how to enable the Group Layout Option.

    Hello
    You should have your group already created and your summary. you place your graph outside the group (RH or RF)
    Luc

  • How to enable block change tracking with pfile

    Hello
    I want to use enable block change tracking (for fast incremental RMAN backup). kindly advice how can i use this parameter using pfile.
    Thanks
    Krishna

    Krishna Agnihotri wrote:
    Hello
    I want to use enable block change tracking (for fast incremental RMAN backup). kindly advice how can i use this parameter using pfile.
    You could have just tried ,
    D:\app\aristadba\product\11.2.0\dbhome_1\database>sqlplus / as sysdba
    SQL*Plus: Release 11.2.0.1.0 Production on Tue Aug 30 10:04:20 2011
    Copyright (c) 1982, 2010, Oracle.  All rights reserved.
    Connected to an idle instance.
    SQL> startup pfile=initorcl112.ora
    ORACLE instance started.
    Total System Global Area  263639040 bytes
    Fixed Size                  1373964 bytes
    Variable Size             213911796 bytes
    Database Buffers           41943040 bytes
    Redo Buffers                6410240 bytes
    Database mounted.
    Database opened.
    SQL> alter database enable block change tracking using file 'block';
    Database altered.
    SQL>Just to show that the file actually gets created,
    SQL> alter database enable block change tracking using file 'block';
    Database altered.
    SQL> exit
    Disconnected from Oracle Database 11g Enterprise Edition Release 11.2.0.1.0 - Production
    With the Partitioning, OLAP, Data Mining and Real Application Testing options
    D:\app\aristadba\product\11.2.0\dbhome_1\database>dir
    Volume in drive D has no label.
    Volume Serial Number is A408-F176
    Directory of D:\app\aristadba\product\11.2.0\dbhome_1\database
    08/30/2011  10:05 AM        11,600,384 BLOCK
    05/17/2010  10:45 AM             2,048 hc_orcl112.dat
    10/17/2009  01:35 PM             1,015 INITorcl.ORA
    08/30/2011  10:01 AM             1,042 INITorcl112.ORA
                  12 File(s)     21,412,139 bytes
                   3 Dir(s)  17,036,451,840 bytes free
    D:\app\aristadba\product\11.2.0\dbhome_1\database>sqlplus / as sysdba
    SQL*Plus: Release 11.2.0.1.0 Production on Tue Aug 30 10:06:40 2011
    Copyright (c) 1982, 2010, Oracle.  All rights reserved.
    Connected to:
    Oracle Database 11g Enterprise Edition Release 11.2.0.1.0 - Production
    With the Partitioning, OLAP, Data Mining and Real Application Testing options
    SQL> alter database disable block change tracking;
    Database altered.
    SQL> exit
    Disconnected from Oracle Database 11g Enterprise Edition Release 11.2.0.1.0 - Production
    With the Partitioning, OLAP, Data Mining and Real Application Testing options
    D:\app\aristadba\product\11.2.0\dbhome_1\database>dir
    Volume in drive D has no label.
    Volume Serial Number is A408-F176
    Directory of D:\app\aristadba\product\11.2.0\dbhome_1\database
    08/30/2011  10:06 AM    <DIR>          .
    08/30/2011  10:06 AM    <DIR>          ..
    05/17/2010  08:55 AM    <DIR>          archive
    05/17/2010  10:45 AM             2,048 hc_orcl112.dat
    10/17/2009  01:35 PM             1,015 INITorcl.ORA
    08/30/2011  10:01 AM             1,042 INITorcl112.ORA
    12/22/2005  04:07 AM            31,744 oradba.exe
    08/30/2011  09:05 AM             9,314 oradim.log
    12/24/2009  08:09 PM             1,536 PWDorcl.ora
    08/07/2011  11:00 PM             1,536 PWDorcl112.ora
    04/15/2011  05:52 PM         9,748,480 SNCFORCL112.ORA
    02/10/2011  09:00 PM             3,584 SPFILEORCL.ORA
    08/30/2011  09:59 AM             3,584 SPFILEORCL112.ORA
    02/10/2011  09:07 PM             7,872 upgrade.logAman....
    Edited by: Aman.... on Aug 30, 2011 10:08 AM added 2nd code snippet

  • How to enable the InputField when press the Button

    My sceanrio is by default the InputField is in disable .when ever i press the button it should enable.

    Here is the sample code for HTMLB :
    <hbj:inputField
        id="InputText"
        jsObjectNeeded="true"
        type="string"
        maxlength="30"
        value="Text" >
    <% String text = myContext.getParamIdForComponent(create_group); %>
    <SCRIPT> var jsText = '<%=text%>'; </SCRIPT>
    </hbj:inputField>
    <hbj:button id="Enable_Button"
           text="Enable"
           tooltip="Enable InputField"
           onClick="onEnableClick"
           onClientClick="enableInputField()"
           width="30px" >
    </hbj:button>
    </hbj:page>
    </hbj:content>
    <script language="javascript">
         function enableInputField()
              var funcName = htmlb_formid+"_getHtmlbElementId";
              func = window[funcName];
              var inputfield = eval(jsText);
                                    inputfield.setEnabled();
    </script>
    Refer to the following links for more info...
    http://help.sap.com/saphelp_nw04/helpdata/en/53/9d0e41a346ef6fe10000000a1550b0/content.htm
    http://help.sap.com/saphelp_nw04/helpdata/en/43/067941a51a1a09e10000000a155106/content.htm
    Regards,
    Rajiv

  • How to stop Latest_Acceptable_Date change when Request_Date is changed

    Hello,
    We are implementing ATP and I am aware that when Request Date (RD) is changed it calculates latest_Acceptable_Date (LSD) based on Request_Date and Latest_Schedule_limit.
    Just wondering, if there is a way we can stop changing the Latest_acceptable_Date ( if latest_Acceptable_date is already available i.e not null) when ever request date is changed. I tried calling Process_order API by passing both the fields (LSD and RD), but it still changes the LSD based on the RD. I know that the functionality of scheduling.
    If there is any way to have same LSD if available when ever RD is changed? I would really appreciate your suggestions and thoughts. Please advice
    We are using Oracle 11.5.10.2
    Thanks,
    Lara
    Edited by: Brainlara on Jan 27, 2009 12:27 PM
    Edited by: Brainlara on Jan 27, 2009 7:13 PM

    Hi Lara,
    Though I have never tried this before, but before updating the Request Date, you may want to try setting the OM System Parameters -> Latest Acceptable Date to "Ignore the Latest Acceptable Date without warning' ?
    Check whether setting this parameter will stop changing the Latest Acceptable Date. But is there any specific reason why you want the LAD to be unchanged?
    Regards,
    Hemanth

  • How do enable pop up when browsing the internet

    I need pop ups enabled so I can access some information for some professional CPD.  how do I enable pop ups?

    Firefox Preferences
    Safari Menu Bar
    **Edit
    Oops, wrong screenshot- correct one is there now!

  • Hp 8300 SFF How to enable 3rd montior when using MAtrox p690 plus vidoe card with windows 7 pro

    I have an Hp8300 SFF running Win 7 pro with the onboard video as well as an Matrox Millenium P690 video card
    My Current configuration is using the Matrox as Video 1 and 2 but want to have a 3rd monitor running off of the onboard intel card.  I was previously able to do this in WinXP but it will not work in Win 7.
    I have enabled the intel in the bios and it shows in the device manager but I cannot get a the 3rd monitor to show in the Display.
    I have tried using the onboard video thru the vga port as well as the display port and it still will not display.  I have also tried a usb to vga and it will not display the 3rd monitor. 
    The Intel and the Matrox card show in the device manager but there is no option to enable the 3rd montior
    Help.

    Hello Dale-nationwide,
    Welcome to the HP Forums. I understand you would like assistance with your Compaq Elite 8300. However, this is a commercial product. To get better assistance, please post your issue on the HP Commercial Forums: HP Enterprise Business Community
    Thanks,
    Mario
    I worked on behalf of HP.

  • How to disable asking password when session expires

    Hi,
    When the session is timed out, I want application should automatically turned on when I click on alert/message box.
    Please suggest me in what way I can do this.
    Thanks in Advance!!!
    Regards
    Madhu Kumar

    Hi,
    This is an expected behavior and you cannot let the user login again without entering the username/password.
    One possible solution would be increasing the session timeout.
    Note: 269884.1 - How To Fix The Forms Timeout Issue In Oracle Applications 11i
    https://metalink2.oracle.com/metalink/plsql/ml2_documents.showDocument?p_database_id=NOT&p_id=269884.1
    Regards,
    Hussein

  • Does anyone know how to enable an Apple ID when it shows to be disabled?

    Does anyone know how to enable an applied when it shows to be disabled?  It shows this when I try to download an app.  Either on iPhone or iPad.

    This tells you how to proceed:
    http://support.apple.com/kb/TS2446

  • How to enable the code assist for annotation

    Hello
    i downloaded and installed netbeans 6.7.1, i found it doesnot support code assist for annotation in java Editor, when i write down @, nothing display,who can tell me how to enable this function, when i write @, the pop up menu show me the possible annotations.
    thanks

    Karandeep,
    You can apply the restriction using below approach in OAF.
    Step 1 - Modify your VO as below.
    SELECT hrorg.organization_id, hrorg.name, hrorg.date_from, hrorg.date_to
    FROM hr_all_organization_units hrorg, pa_all_organizations paorg
    WHERE paorg.organization_id = hrorg.organization_id
    AND paorg.pa_org_use_type = 'EXPENDITURES'
    AND NVL (paorg.inactive_date, SYSDATE) >= SYSDATE
    AND nvl(paorg.org_id, -1) = :1
    AND TRUNC(SYSDATE) BETWEEN hrorg.date_from and NVL(hrorg.date_to,TRUNC(SYSDATE))
    ORDER BY UPPER(NAME).
    Step 2 - Get the org_id using
    String orgId = pageContext.getOrgId();
    OAViewObject vo = getTestVO1();
    vo.setWhereClauseParam(0,orgId);
    vo.executeQuery();Regards,
    Gyan

  • To enable Log Changes For Views

    Hi,
    How to enable Log Changes for Views?
    Regards,
    Santosh

    Hi Santhosh,
                    There is no seperate indicator for 'Log Data Changes'  for Views. Changes will be automatically logged. Create a sample view, add 2 fields first and activate it. then add 1 more field and activate it. Now goto UTILITIES - > ACTIVATION LOG. you can find the changes here. if it is helpful assign points

  • How and why did my OTN pwd change?

    how do i get my pwd back to what it once was ...
    it now is all numbers .. gibberish... this is my 3rd pwd reset in past 4 months.. is that why the pwd daemon changed my pwd?
    PLS HELP me get back to 1 pwd i can remember and use!
    THanks!
    Frustrated
    IT Support LEAD

    Hi Matt - the following extract from iMovie Help should get you back on track:
    From iMovie '11 Help ( http://help.apple.com/imovie/#mov3b0fbc0a )
    To pin background music to video
    In the Project browser, move the pointer along the upper-left edge of the background music well until it turns into a hand, and then drag the top-left corner of the background music well slowly to the right. A pin icon appears in the corner of the background music well, and the background color changes from green to purple.
    Continue dragging the pin until it’s positioned above the video frame where you want the music to begin playing.The background music well turns to purple, indicating it’s been pinned to a video frame.
    After you pin music to a video frame, unless you “unpin” it, the music stays with that frame even if you rearrange the order of your video clips.
    To unpin background music
    If you’ve pinned background music to a video frame and now you want to rearrange the background music clips in your movie, you can unpin it.
    In the Project browser, click to select the background music well (it becomes outlined in yellow), and then choose Clip > Unpin Music Track.
    The Clip menu appears in a light gray bar across the top of your computer screen.
    Here's an alternative method for adding music to your video (which I use in preference to the back ground method) -
    Rather than dragging the music to the grey background area, drag it directly on top of a video clip, close to where you want it to start. When you drop the music, a narrow green strip (bar/track) will appear below the video thumbnails. You can slide this back and forth in order to get it to start in the exact position. You can also drag the ends in to shorten or trim the music track. Or drag them out again to lengthen the track. You can also split the audio and show the audio waveforms, adjust volume within a track and so forth. Check iMovie Help for more details.
    John
    Message was edited by: John Cogdell

Maybe you are looking for

  • Ipod error message on syncing playlists! HELP!

    Songs on your ipod cannot be updated because all of the playlists selected for syncing no longer exist. I get this message when my iTunes opens when connecting my iPod Mini. I don't have very much memory on my iMac so that might be why. Someone pleas

  • Loading Facelets via ResourceHandler

    Hi there, can anyone tell me what's the main difference between JSF 2.0/2.1 and JSF 2.2 regarding to "Loading Facelets via ResourceHandler". I searched many articles and discussions and regarding to Flows and reosource library contracts there are som

  • Is it possible to pass parameters to custom search portlet?

    Hello! I use custom search to display automatically results. But I need to dynamically add some conditions or change sort order based on user selection in another portlet. So, is it possible to pass parameters to custom search portlet? Boris P.S. I a

  • Nokia E65 & Blackberry

    Hello All, I need some help with installing BlackBerry Connect on my E65. Here is what happened: I had to hard reset my phone cuz it kept failing on me & I restored the settings & contacts through a backup that I had. I figured this would be a good o

  • Copy Master Database To Another Instance

    At our instasllation we have copied the Master database across instances with success. This makes migrations much easier and it has never caused any issues. However I am concerned whether this is officially supported and if there may be something we