WebLogic 10.3.0 - j_security_check Treats Expired Password from Active Directory as Failed Login (Doc ID 1263237.1)

Last updated on JUNE 09, 2016

Applies to:

Oracle WebLogic Server - Version 10.3 and later
Information in this document applies to any platform.

Symptoms

On Weblogic (WLS) 10.3.0, web application uses form-based authentication.  This webapp which uses a standard form that submits password verification to j_security check, eg:

<form action="j_security_check">
   <input type="text" name="j_username"><br>
   <input type="password" name="j_password">
</form>


The LDAP provider in use is Active Directory LDAP. 

For some reason, j_security_check does not distinguish between an invalid and expired passwords, and always returns a LoginFailedException. 

There is no effect, even if the setting <Propagate Cause For Login Exception> is enabled on the Active Directory side.

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms