User change password after first logging in Oracle 11g

Similar Messages

• Change Password on first use does not work properly.

  I have created apex application user in Oracle Apex 3.2 as follows
  BEGIN
  APEX_UTIL.CREATE_USER(
  p_user_name => 'NEWUSER1',
  p_web_password => 'secret99');
  END;
  As in the documentation
  p_change_password_on_first_use  IN      VARCHAR2    DEFAULT 'Y',
  User should be prompted to change password at first use. But it does not work properly. There is no such message. Still accepts user to log in with old passord that was first given to the user. I have tried explicitly to ensure change password at first log in. by
  BEGIN
  APEX_UTIL.CREATE_USER(
  p_user_name => 'NEWUSER1',
  p_web_password => 'secret99',
  p_change_password_on_first_use =>'Y');
  END;
  Still does not work. How can I ensure user to change password on first login.
  Hasan Al Mamun
  Programmer
  Bangladesh Bank
  Dhaka, Bangladesh

  Might be a long way around the problem but I would utilize a boolean flag in a column (FIRST_LOGIN) your custom auth table set to 'Y' when you create their account. Then on the login page have a page process something like:
  ** NOT TESTED **
  declare
  v_first VARCHAR2(10;
  v_session NUMBER;
  begin
  v_session := APEX_CUSTOM_AUTH.GET_NEXT_SESSION_ID;
  select FIRST_LOGIN into v_first from AUTH_TABLE where user_name = :P101_USERNAME and :P101_PASSWORD;
  if v_first = 'Y' then
  wwv_flow_custom_auth_std.login(
  P_UNAME => :P101_USERNAME,
  P_PASSWORD => :P101_PASSWORD,
  P_SESSION_ID => v_session,
  P_FLOW_PAGE => :APP_ID||':2' *** THIS IS YOUR PAGE TO HAVE THEM RESET THEIR PASSWORD ***
  else
  wwv_flow_custom_auth_std.login(
  P_UNAME => :P101_USERNAME,
  P_PASSWORD => :P101_PASSWORD,
  P_SESSION_ID => v_session,
  P_FLOW_PAGE => :APP_ID||':1' *** MAIN LOGIN PAGE *****
  EXCEPTION WHEN OTHERS THEN
  *** handled **
  end;
  The page 2 in this example would have an few items for them to enter their new password twice, a page process to update their password in the auth table and then redirect them to the intended first page.
  Not sure if it meets your setup.
  Ricker

• TMG 2010 publishing Exchange 2010 OWA cannot change password if user must change password at first logon is set

  Hi,
   I have an odd issue whereby if I set "user must change password" on an AD account, the end user cannot logon, they're simply taken back to the OWA login page as if their password is incorrect.
  My setup is as follows:
  outer TMG -- uses a listener for email.contoso.com and is configured for no authentication.This uses a publishing rule to publish the inner TMG server. This server is not a domain member.
  inner TMG - uses a listener for email.contoso.com and is configured for NLTM\kerberos negotiation with forms authentication (Windows Active Directory). This server is a domain member and use a publishing rule to publish the internal CAS. Allow users to change
  password is selected in the publishing rules.
  Exchange 2010 SP1 - uses integrated windows and basic authentication. Has the appropriate registry key configured to allow users to change their AD password on first logon.
  I've registered an snp for "http/email.contoso.com mailserver-dc1", all SSL certificates being used are valid and my configuration used to allow users to login and change their password with "user must change password on first login"
  set in AD.
  If I launch a web browser on an internal server and point it to email.contoso.com I'm immediately presented with a generic Windows authentication request (similar to what's seen in ADFS) rather than the standard OWA page. No matter what I do, I cannot login
  and change my password using the correct URL. However if I point my browser at
  http://192.168.4.10/owa I'm prompted to login and I can change my password using the sam credentials.
  The only recent changes made are:
  - Disabling SSL 3.0 and enabling TLS  (http://www.isaserver.org/articles-tutorials/configuration-security/improving-ssl-security-forefront-threat-management-gateway-tmg-2010-published-web-sites.html)
  - Replacing the TMG listener certificates so that they now use SHA2 rather than SHA2 (certificates are trusted on each TMG server)
  Looking on the outer TMG and the DC logs I can see schannel errors which I believe are related to the problem. TMG monitoring also shows "Failed connection attempt: 1907 The user'spassword must be changed before logging on for the first time"
  I've checked that my inner TMG and DC are using the same certificate for server authentication and gone through this guide:
  http://blogs.technet.com/b/keithab/archive/2012/02/29/setting-up-and-troubleshooting-ldaps-authentication-in-forefront-tmg-2010.aspx
  If I try to use ldp.exe on the inner TMG, I get the error in the pic below
  Thanks
  IT Support/Everything

  Hi,
  You could try to analyze the TMG tracing and try the troubleshoot steps in the blog below.
  TMG 2010 – FBA, troubleshooting the change password feature 
  http://blogs.technet.com/b/isablog/archive/2012/05/07/tmg-2010-fba-troubleshooting-the-change-password-feature.aspx
  Best Regards,
  Joyce

• Create a user through the API and "Prompt user to change password after next login".

  Using the Adobe Connect Interface, I can create a user and check the checkbox to "Prompt user to change password after next login".
  Can I achieve the same result using the API? The principal-update action doesn't offer such an option and, as far as I can tell, there isn't another action to do so either.
  Thank you.

  You can achieve it as part of your application functionality, but not as a configuration option on WLS.

• User must change password after reset?

  I am looking at the password policy settings and am wondering what "User must change password after reset� actually does. I turned it on. I tried changing some passwords in an ldap client and didnt get any messages or errors after authn again. And I didnt see a special attribute in the persons entry. Any clues?

  When the flag is enabled and the password is changed by "cn=directory manager", the next time the user authenticate, the server returns the Password Expired Control (with a Success code) and all requests other than modify of userPassword are rejected.

• Restrict users from changing password on first login?

  Hi,
  I am doing mass user upload into UME using script import. How should I use the below functionality to restrict the users from changing password on first login?
  IUserAccount uacc =UMFactory.getUserAccountFactory().newUserAccount(uid,newUser.getUniqueID());
  uacc.setPassword("saras");
  uacc.setPasswordChangeRequired(false);
  How to implement above functionality with mass upload from script import?
  Thanks
  Srinivas
  Edited by: srinivas M on Jan 20, 2009 9:05 PM

  hi srinivas,
  try this api
  http://help.sap.com/javadocs/NW04S/current/se/com/sap/security/api/IUserAccount.html#isPasswordChangeRequired()
  https://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/40d562b7-1405-2a10-dfa3-b03148a9bd19
  this document able to retrive the password.. same positon u can disable the field
  https://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/10649c90-24af-2b10-1086-ea0667ec3655
  thanks

• Changed password when first signing up to iPhoto now I can't send pictures

  I didn't realize you could not change password in iphoto share.  First time user . . .changed password when prompted to enter a password during first log-in to share.  Now, every time I want to share a photos, I get an error message that iphoto doesn't recognize email with password and therefore cannot share.  New to MAC and frustrated.

  Have you gone to the iPhoto accounts preference and set the correct password?
  or set Apple mail as your e-mial client in the iPhoto preferences
  LN

• Unable to change password while first logon on windows server 2008 R2 SP1 system

  Hi Team,
  Ad team has created new account for me with change password on first logon setting
  When I logged in on Windows Server 2008 r2 SP1 system with my new credentials I get a error message stating that
  "You must change your password before logging on the first time. For assistance, conatct your system administrator or technical support" 
  Concern:
  I do not get password change screen on first logon on the server. How should I change my password on first logon?

  Hi,
  I got resolution for above issue
  Run ==> type "tsconfig.msc" ==> double click "RDP-TCP" ==> change security layer to
  RDP Security layer ==> Apply ==> OK

• Wwv_flow_fnd_user_api.edit_fnd_user to set change password on first use

  Hi,
  Oracle Database 11g Release 11.2.0.1.0 on Windows 2008 R2 x64
  Application Express 4.1.0.00.32
  I am importing a workspace from our dev system to 100 databases and I want to make sure the developers are not forced to change password on first loging otherwise this is going to waste a lot of time
  I am running
  alter session set current_schema = APEX_040100;
  begin
       wwv_flow_security.g_security_group_id := 10;
       wwv_flow_security.g_user := 'ADMIN';
       wwv_flow_security.g_import_in_progress := true;
       for r in (select *
                 from apex_040100.wwv_flow_fnd_user
            where security_group_id <> 10) loop
            wwv_flow_fnd_user_api.edit_fnd_user(p_user_id => r.user_id,
                                          p_user_name => r.user_name,
                                          p_change_password_on_first_use => 'N',
                                          p_first_password_use_occurred => 'Y');
       end loop;
       commit;
       wwv_flow_security.g_import_in_progress := false;
  end;
  However, this doesn't seem to do anything and doesn't return an error either. When I query the apex_040100.wwv_flow_fnd_user table nothing has changed
  I've searched the APEX documentation (http://docs.oracle.com/cd/E23903_01/welcome.html) for wwv_flow_fnd_user_api and there is only one match that just lists the package name, not even the spec
  thanks in advance
  Robert

  Ok now I had a bit more time to look at your code.
  I would do it like this:
  declare
    t_secgrp_id     apex_040100.apex_applications.workspace_id%type;
    t_existing_appl apex_040100.apex_applications.application_id%type := <YOUR APP number HERE>;
  begin
    select workspace_id
    into   t_secgrp_id
    from   apex_applications
    where  application_id = t_existing_app; 
    wwv_flow_security.g_security_group_id := t_secgrp_id;
    wwv_flow_security.g_user := 'ADMIN';
    wwv_flow_security.g_import_in_progress := true;
    for r in (select *
              from apex_040100.wwv_flow_fnd_user
              where security_group_id t_secgrp_id)
    loop
      wwv_flow_fnd_user_api.edit_fnd_user(p_user_id                      => r.user_id,
                                          p_user_name                    => r.user_name,
                                          p_change_password_on_first_use => 'N',
                                          p_first_password_use_occurred  => 'Y');
    end loop;
    commit;
    wwv_flow_security.g_import_in_progress := false;
  end;especially finding out the secgrp..
  Regards,
  Richard
  blog: http://blog.warp11.nl
  twitter: @rhjmartens
  If this question is answered, please mark the thread as closed and assign points where earned..

• Reset/change password error - cannot log in to builder - HELP!

  I'm encountering the same problem I described some time ago here: Reset/change password error - cannot log in to builder
  Briefly, the builder tells me I must change my password. When I attempt to do so, the password change page displays a null username, and tells me that my existing password is invalid. The same password failure occurs using the new password emailed to me by the "Rest password" function.
  I've cleared my browser cache, closed the browser, rebooted my client (WinXP), to no avail.
  Anyone able to help?
  Thanks
  jd

  Update:
  Workaround: log in using a different client machine.
  Scary.
  It looks the same problem reported, without response, here: Apex.oracle.com SaaS Login - Must Change Password.
  jd

• Obiee 11g How to let user change password

  obiee 11g How to let user change password ？
  i not mean use weblogic console。 normal user how to change password。

  With 11g, OBIEE essentially uses the 10g notion of external authentication.
  By default, this is done by the WLS (Weblogic) LDAP identity store, but it may be done by another supported Authenticator either within WLS, or in the OBIS meta data (i.e. Custom Authenticator or LDAP). As such, OBIEE no longer has any control over user passwords; this is why the steps referenced in note 1102353.1 do not apply to OBIEE 11g, but only to internal/repository-defined users in OBIEE 10g.
  So, as with password maintenance in OBIEE 10g when an external authenticator is used, it is within that external authentication system that password is changed, not within OBIEE 11g. There is no option in OBIEE 11g to allow users to change passwords.
  There are two work-arounds with which you can change your password:
  1) From the Weblogic administration console/WLST.
  You need to give such user access into Weblogic console or access to browse through involved MBean hierarchy and other modify permissions. Changing the password using WLST instance is covered here:
  Ideally, the console and WLST approaches are used by Administration accounts to manage other users. But the console and WLST can be made to allow other users to change passwords (which will be more or less like carrying out an administrative task by users themselves)
  2) Using a programmatic approach.
  Here the application that intends to provide password change functionality to its users should implement this functionality on its own (GUI plus call to the relevant Weblogic API). Weblogic provides an MBean that the application can use to accomplish this. See here for more information.
  An enhancement request exists for this functionality. This is unpublished bug 11836170 - enable non admin users to change passwords in obiee 11g.

• How to enable users change password in obiee 11g?

  Is there anyone know how to enable users change password in obiee 11g?
  And I have tried the method in obiee 10g, bu it didn't work.
  Any help would be appreciate.

  As per I understand your requirement,
  In your Dashboard create a Presentation variable which receives the value of year you select.
  Now in your analysis, select the year column along with all the measures you want (Actual, plan, Forecast, and what-if, etc).
  Create a filter on Year column and convert it into SQL. Put the condition as:
  "Year" BETWEEN @{Presentaion_Variable} - 1 AND @{Presentation_Variable}
  You will get the result for selected year and the previous year.
  Hope it helps..
  Regards,
  A.K.

• How to Enforce User Change Password First Time User in Release 2?

  Hi...
  We discovered in Oracle Directory Manager(in unix is oidadmin), there actualy
  column to expiry date.(the default is 60).
  We follow this notes in metalink..
  Note:176470.1 Subject: How To Pre-Expire Portal Passwords
  Even though the note is for Portal30(release1), we just wangt to try it in our Release 2...
  Extract from the note
  "3. Set the value of the column LAST_PASSWD_CHANGE_TIME in the table WWSEC_PERSON$ in SSO schema to a value older than the password expiration period (default is 90 days) before the current time (e.g. sysdate - 100) for the appropriate user(s)
  4. For example, if you have created a user called TEST
  you would issue a command such as:
  update wwsec_person$
  set LAST_PASSWD_CHANGE_TIME =sysdate-70
  where USER_NAME='TEST';
  commit; "
  But, when we try to login again in the portal, we can still login...
  So, is the function still exist in Release 2?..
  If not, why Oracle Portal throw that function away?
  Why there still columns in WWSEC_PERSON$ that maybe linked to the password problem?
  can anybody help/explain?
  Thanks....

  Rather than rehash what has already been thoroughly discussed, check this thread. This should answer your question.
  Can a user change his own password after admin has set it
  The english version of Jose Troya's blog: http://obiee101.blogspot.com/2008/08/obiee-change-password.html
  Edited by: LC143 on Aug 27, 2008 1:36 PM

• Open Directory users prompted to change password after 10.8 to 10.9 server upgrade

  I just upgraded our 10.8.5 server to 10.9.3. I also upgraded Server.app to the most recent version (3.1.2). I made a complete backup first as a precaution.
  Existing non-admin users are being prompted to change their password when logging in. I've narrowed the problem down to a checkbox in the "Global Password Policy" settings in Server.app, specifically this checkbox: "Passwords must: be reset on first user login". I had that box checked in 10.8 so that new users would be prompted to create a password the first time they logged into a bound computer. It worked great and I'd like to continue using this feature in 10.9.
  If I uncheck this box in Server.app in 10.9.3, existing users can log in just fine with their existing passwords. If I re-check the box, non-admin users are suddenly prompted to change their password when logging in, even though they've logged in countless times in the past.
  Here are some things I've tried:
  * stopping and restarting the Open Directory service in Server.app
  * restarting the server
  * disabling and re-enabling an existing user account
  * inspecting user records in Directory Utility for any peculiar attributes
  * I used the mkpassdb -dump command to verify that the correct "last login time" is present for a particular user, but I'm not enough of an Open Directory expert to know if this is the attribute that the Global Password Policy relies on.
  Does anyone have any other ideas or suggestions?

  UPDATE: It looks like this issue applies to new (post-upgrade) accounts, too, suggesting that this has nothing to do with the upgrade process. Can anyone confirm this behavior? It's easy to test:
  1) Make sure the "Passwords must: be reset on first user login" box is unchecked.
  2) Create a new user in Open Directory.
  3) Log in once. No problem.
  4) Now check the "Passwords must: be reset on first user login" box.
  5) Try to log in again. Were you prompted to change your password? Logically, you shouldn't have been prompted, but users on my server are being prompted.

• Password policy "change password at first login" errors!

  Complete panic!
  I've updated to OS X Server 4.1 and all my users appear to be ok. All green lights within the server app. Computers are NOT giving the red light 'network accounts unavailable'. However, no one can login. Every user, new and old, are being prompted at login to create a new password (say: Password 1). They type in a new password (say: Password2), the box shakes like it didn't accept it. However, if they try to login again, it won't accept Password1. If they type Password2, they again get prompted to change the password.
  So it looks like it's accepting the password, but stuck in this reset password loop.
  I've checked in the server app and workgroup manager. Neither have 'reset password at first login' selected.

  Many Open Directory problems can be resolved by taking the following steps. Test after each one, and back up all data before making any changes.
  1. The OD master must have a static IP address on the local network, not a dynamic address. It must not be connected to the same network with more than one interface; e.g., Ethernet and Wi-Fi.
  2. You must have a working DNS service, and the server's hostname must match its fully-qualified domain name. To confirm, select the server by name in the sidebar of the Server application window, then select the Overview tab. Click the Edit button on the Host Name line. On the Accessing your Server sheet, Domain Name should be selected. Change the Host Name, if necessary. The server must have at least a three-level name (e.g. "server.yourdomain.com"), and the name must not be in the ".local" top-level domain, which is reserved for Bonjour.
  3. The primary DNS server used by the server must be itself, unless you're using another server for internal DNS. The only DNS server set on the clients should be the internal one, which they should get from DHCP if applicable.
  4. If you have accounts with network home directories, make sure the URL's are correct in the user settings. A return status of 45 from the authorizationhost daemon in the log may mean that the URL for mounting the home directory was not updated after a change in the hostname. If the server and clients are all running OS X 10.10 or later, directories should be shared with SMB rather than AFP.
  5. Follow these instructions to rebuild the Kerberos configuration on the server.
  6. If you use authenticated binding, check the validity of the master's certificate. The common name must match the hostname and domain name. Deselecting and then reselecting the certificate in Server.app has been reported to have an effect in some cases. Otherwise delete all certificates and create new ones.
  7. Unbind and then rebind the clients in the Users & Groups preference pane. Use the fully-qualified domain name of the master.
  8. Reboot the master and the clients.
  9. Don't log in to the server with a network user's account.
  10. Disable any internal firewalls in use, including third-party "security" software.
  11. If you've created any replica servers, delete them.
  12. If OD has only recently stopped working when it was working before, you may be able to restore it from the automatic backup in /var/db/backups, or from a Time Machine snapshot of that backup.
  13. Reset the password policy database:
  sudo pwpolicy -clearaccountpolicies
  14. As a last resort, export all OD users. In the Open Directory pane of Server, delete the OD server. Then recreate it and import the users. Ensure that the UID's are in the 1001+ range.
  If you get this far without solving the problem, then you'll need to examine the logs in the Open Directory section of the log list in the Server app, and also the system log on the clients.