E1: SEC: LDAP: Security History Record Captures "Success" in F9312 Event Status For an Expired Or Disabled User Login Event When LDAP Authentication is Enabled (Doc ID 2908085.1)

Last updated on NOVEMBER 11, 2022

Applies to:

Symptoms

With an Lightweight Directory Access Protocol (LDAP) enabled E1 authentication, security history record shows a "Success" login event status in F9312 when an expired Or disabled user signs in.
The use case is that, when there are several business suites within an organization and one among them is E1, if there is a need to restrict a user from E1 customer expire the role for this user in P95921 and remove the record from P98LPSEC.

When login with this disabled user , a valid on-screen error is thrown as below:

However, security history table F9312 logs an incorrect 01(Success) entry for event status instead of 02 (Failure).

Steps to replicate

1. In an LDAP enabled setup, Select an existing E1 user
2. Expire the Role for the above user in P95921
3. Remove the corresponding record for the above User from P98LPSEC
4. Attempt to Sign-in to the web client
5. On screen error - "SignIn Error: An unknown JAS sign in error occurred.Please contact the System Administrator." is thrown
6. Review table F9312, you will notice a new record for this failed login with an event status 01(Success)

Changes

Cause

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.