Wednesday, November 12, 2014

Extend OAM 11g Password Policy Schema into OUD and Test Force Change password scenario


Steps:
1. Log in to the OUD server.
2. Navigate to /home/oracle/Oracle/Middleware_OUD/asinst_1/OUD/bin
3. Execute the command below:
./ldapmodify -h pokuri.demo.com -D "cn=Directory Manager" -w Abcd1234 -p 10389 -f /opt/oracle/Oracle/Middleware_OAM/Oracle_IDM1/oam/server/pswdservice/ldif/OUD_PWDPersonSchema.ldif -v

Note:
- OAM and OUD are installed on the same machine, which is why the OAM LDIF path above is reachable from the OUD bin directory.

- “OUD_PWDPersonSchema.ldif” is the schema file that ships with the OAM product (under oam/server/pswdservice/ldif).




Success Message:



4. Log in to the ODSM console and validate the extended schema.



5. Add the “oblixorgperson” and “oblixPersonPwdPolicy” object classes to the user entry.



6. Log in to the OAM console and click “Authentication Modules”.





7. Search for and click “Password Policy Validation Module”.

8. Update the steps as shown below and click “Apply”:

User Identification Step  
   KEY_IDENTITY_STORE_REF - OUD
   KEY_SEARCH_BASE_URL - ou=People,dc=demo,dc=com

User Authentication step
   KEY_IDENTITY_STORE_REF - OUD
   KEY_PROP_AUTHN_EXCEPTION - true

User Password status Step
   PLUGIN_EXECUTION_MODE - PSWDONLY
   KEY_IDENTITY_STORE_REF - OUD
   URL_ACTION - REDIRECT_POST
   NEW_USERPSWD_BEHAVIOR - FORCECHANGEPASSWORD
   POLICY_SCHEMA - OAM10G
   CHALLENGES_SUPPORTED - FALSE
   DISABLED_STATUS_SUPPORT - TRUE

9. Now add “PasswordPolicyValidationSchema” to the Application Domain.



10. Restart the OAM service.

Testing

1. Add the “obpasswordchangeflag” attribute to the user entry with the value “true”; this forces the user to change the password as soon as they try to access an OAM-protected resource.




2. Access the protected resource http://pokuri.demo.com:7777/ and enter the user's credentials.


3. Enter the current and new passwords.



4. On the password reset success screen, click “Continue” to land on the application welcome page.





5. Now check the LDAP attribute for the change-password flag; it will have been updated to “false”.
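The directory-side changes in this walkthrough (step 5 of the setup, and steps 1 and 5 of the test) are all small LDAP modifications. The shell helpers below are an added example, not from the original post: they generate the LDIF for adding the two object classes, generate the LDIF that sets obpasswordchangeflag, and parse the flag back out of ldapsearch output so the "false" result of the last step can be checked from a script. The user DN is a constructed placeholder; the host, port and bind DN defaults are the post's own values; OUD_BIN is the OUD instance bin directory from step 2, and the -j bind-password-file option is OUD's own alternative to the -w used in step 3.

```shell
#!/bin/sh
# Added example (not from the original post): LDIF helpers for the OUD user-entry
# changes described above. Assumed: OUD_BIN is the OUD instance bin directory,
# OUD_PW_FILE holds the Directory Manager password, and the user DN is constructed.

OUD_HOST="${OUD_HOST:-pokuri.demo.com}"
OUD_PORT="${OUD_PORT:-10389}"
BIND_DN="${BIND_DN:-cn=Directory Manager}"
OUD_BIN="${OUD_BIN:-/home/oracle/Oracle/Middleware_OUD/asinst_1/OUD/bin}"

# Step 5: modify-LDIF that adds oblixorgperson and oblixPersonPwdPolicy to an entry.
user_objectclass_ldif() {
  printf 'dn: %s\nchangetype: modify\nadd: objectClass\nobjectClass: oblixorgperson\nobjectClass: oblixPersonPwdPolicy\n' "$1"
}

# Testing step 1: modify-LDIF that sets obpasswordchangeflag ("true" forces a
# password change at the next login through the Password Policy Validation Module).
force_change_ldif() {
  printf 'dn: %s\nchangetype: modify\nreplace: obpasswordchangeflag\nobpasswordchangeflag: %s\n' "$1" "$2"
}

# Testing step 5: extract the flag from ldapsearch LDIF output read on stdin.
# Prints the value lower-cased, or "absent" if the attribute is not on the entry.
flag_from_ldif() {
  awk 'BEGIN { v = "absent" }
       tolower($1) == "obpasswordchangeflag:" { v = tolower($2) }
       END { print v }'
}

# Apply an LDIF file with the OUD ldapmodify. The bind password is read from a
# file (-j) rather than passed on the command line as in step 3, so it does not
# land in shell history or in the process list.
apply_ldif() {
  "$OUD_BIN/ldapmodify" -h "$OUD_HOST" -p "$OUD_PORT" -D "$BIND_DN" -j "$OUD_PW_FILE" -f "$1"
}

# Read the change-password flag of one user entry back from the directory.
read_flag() {
  "$OUD_BIN/ldapsearch" -h "$OUD_HOST" -p "$OUD_PORT" -D "$BIND_DN" -j "$OUD_PW_FILE" \
    -b "$1" -s base "(objectclass=*)" obpasswordchangeflag | flag_from_ldif
}

# Usage against a live OUD (constructed DN; OUD_PW_FILE must point at the password file):
#   dn="uid=jdoe,ou=People,dc=demo,dc=com"
#   user_objectclass_ldif "$dn" > /tmp/oc.ldif   && apply_ldif /tmp/oc.ldif
#   force_change_ldif "$dn" true > /tmp/flag.ldif && apply_ldif /tmp/flag.ldif
#   read_flag "$dn"    # "true" before the user resets the password, "false" afterwards
```

Running read_flag before and after the browser test gives a scripted version of the final check: the module flips the attribute to "false" once the reset succeeds, so a value that stays "true" means the Password Policy Validation Module never processed the login.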



Hope this helps someone out there!!

-- Siva Pokuri.