On both 10g and 11g portals I'm using a login.jsp page and a password.jsp that are written from an oracle example default pages with only visual changes in the pages.
The issue is when a user logins and is forced to updated their password. The user enters their old password, new password, validates new password then hits enter. Instead of redirecting to login with new password as it should the user receives an error message that password change failed. Then it redirects them back to the change password page even though their new password is already in effect and working correctly.
This does not happen every time. I'm able to reproduce it just not consistently.
This is creating lots of instances of users locking their accounts and mishandling their passwords. Since it appears to them the system didn’t accept the password change, and they reenter over and over again. Since this happens frequently enough it makes the change password tool impractical to use.
The password.jsp page is writen straight from the oracle documentation and submits change password information to sso/ChangePwdServlet