Extend OAM 11g Password Policy Schema into OUD and Test Force Change password scenario

Steps:

1. Login into OUD Server
2. Navigate to /home/oracle/Oracle/Middleware_OUD/asinst_1/OUD/bin
3. Execute below command

./ldapmodify -h pokuri.demo.com -D "cn=Directory Manager" -w Abcd1234 -p 10389 -f /opt/oracle/Oracle/Middleware_OAM/Oracle_IDM1/oam/server/pswdservice/ldif/OUD_PWDPersonSchema.ldif –v

Note:

- OAM & OUD installed in same machine.

- “OUD_PWDPersonSchema.ldif” is the schema file which will come by default with OAM product

Success Message:

4. Login to ODSM console and validate extended schema.

5. Add “oblixorgperson” & “oblixPersonPwdPolicy” object classes to user entry

6. Login to OAM console and click on “Authentication Modules”

7. Search and click on “Password Policy Validation Module”

8. Update Steps as shown below and click on “Apply”

User Identification Step  

   KEY_IDENTITY_STORE_REF - OUD

   KEY_SEARCH_BASE_URL - ou=People,dc=demo,dc=com

User Authentication step

   KEY_IDENTITY_STORE_REF - OUD

   KEY_PROP_AUTHN_EXCEPTION - true

User Password status Step

   PLUGIN_EXECUTION_MODE - PSWDONLY

   KEY_IDENTITY_STORE_REF - OUD

   URL_ACTION - REDIRECT_POST

   NEW_USERPSWD_BEHAVIOR - FORCECHANGEPASSWORD

   POLICY_SCHEMA - OAM10G

   CHALLENGES_SUPPORTED – FALSE

   DISABLED_STATUS_SUPPORT - TRUE

     9. Now add “PasswordPolicyValidationSchema” in Application Domain

     10. Restart OAM Service

Testing

1. Add “obpasswordchangeflag” and add value as “true” which will force the user to change password as soon as user tries to access the OAM protected resource.

2. Access Protected Resource http://pokuri.demo.com:7777/ and enter user credentials

3. Enter current and new passwords

4. Password Reset Success Screen and click on “Continue” to land in application welcome page

5. Now check LDAP attribute for change password flag. It will be updated to “false”

Hope this helps some one out there!!

-- Siva Pokuri.