Tuesday, March 16, 2010

Password Policy Is Not Redirecting To "Change Password" Page.

-- Problem Statement: I have configured the password policy per documentation.

But in access server logs I see "Passwordexpired and password-change redirect URL is NULL" error.

Oracle® Access Manager Identity and Common Administration Guide 10g (10.1.4.0.1)
Chapter 7 Configuring Global Settings
Section 7.8.5.1 Configuring Redirection to a Password Reset Page After Password Expiry

http://download.oracle.com/docs/cd/B28196_01/idmanage.1014/b25343/idconfig.htm#BABFCJFC

The obcompounddata was not at the top of the o=Oblix,ou=apps,dc=epri,dc=com tree.

Oracle® Access Manager Schema Description 10g (10.1.4.2.0)
Chapter 1 Schema Description for 10g
Table 1-26 oblixConfig Attributes

http://download.oracle.com/docs/cd/E10761_01/doc/oam.1014/e10357/schema.htm#CFHFJIBH

To implement the solution, please execute the following steps:

Please create three LDIF files to create the obpasswordchangeredirecturl, obpasswordexpiryredirecturl and obcompounddata attributes at the o=Oblix level:

dn: o=Oblix,ou=apps,dc=epri,dc=com
changetype: modify
replace: obpasswordchangeredirecturl
obpasswordchangeredirecturl: http://www.google.com

dn: o=Oblix,ou=apps,dc=epri,dc=com
changetype: modify
replace: obpasswordexpiryredirecturl
obpasswordexpiryredirecturl: http://www.yahoo.com

dn: o=Oblix,ou=apps,dc=epri,dc=com
changetype: modify
replace: obcompounddata
obcompounddata::

1. Once all three have been added, please verify they exist by running an ldapsearch.

2. Once they are in place, restart the identity and access servers and retest.
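The verification in step 1 can be scripted. The following is an added example, not part of the original post or of Oracle's tooling: it parses LDIF-format search output for the o=Oblix entry and reports which of the three attributes are absent or empty. It assumes the search output is in LDIF format; the function names and both sample entries are constructed for illustration.

```python
import base64

# Attributes the post sets on the o=Oblix entry.
REQUIRED = ("obpasswordchangeredirecturl",
            "obpasswordexpiryredirecturl",
            "obcompounddata")

# Constructed sample of LDIF-format search output; the base64 value is a
# placeholder, not real obcompounddata content.
SAMPLE_OK = """\
dn: o=Oblix,ou=apps,dc=epri,dc=com
obpasswordchangeredirecturl: http://www.google.com
obpasswordexpiryredirecturl: http://www.yahoo.com
obcompounddata:: Y29uc3RydWN0ZWQt
 cGxhY2Vob2xkZXI=
"""

# Constructed sample of a broken entry: one URL absent, obcompounddata empty.
SAMPLE_BROKEN = """\
dn: o=Oblix,ou=apps,dc=epri,dc=com
obpasswordexpiryredirecturl: http://www.yahoo.com
obcompounddata::
"""

def parse_ldif_entry(text):
    """Parse one LDIF entry into {lowercased attribute: [bytes values]}."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]          # folded line: continue previous one
        elif raw and not raw.startswith("#"):
            lines.append(raw)
    entry = {}
    for line in lines:
        name, sep, rest = line.partition(":")
        if not sep:
            continue
        if rest.startswith(":"):          # "attr:: <base64>" form
            value = base64.b64decode(rest[1:].strip())
        else:
            value = rest.strip().encode()
        entry.setdefault(name.strip().lower(), []).append(value)
    return entry

def missing_attributes(ldif_text, required=REQUIRED):
    """Return the required attributes that are absent or have only empty values."""
    entry = parse_ldif_entry(ldif_text)
    return [attr for attr in required if not any(entry.get(attr, []))]

if __name__ == "__main__":
    for label, sample in (("ok", SAMPLE_OK), ("broken", SAMPLE_BROKEN)):
        print(label, missing_attributes(sample) or "all present")
```

An empty list from missing_attributes means all three attributes came back with values, so the servers can be restarted as in step 2.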