My Oracle Support Banner

WebLogic 10.3.0 - j_security_check Treats Expired Password from Active Directory as Failed Login (Doc ID 1263237.1)

Last updated on DECEMBER 11, 2017

Applies to:

Oracle WebLogic Server - Version 10.3 and later
Information in this document applies to any platform.

Symptoms

On Weblogic (WLS) 10.3.0, web application uses form-based authentication.  This webapp which uses a standard form that submits password verification to j_security check, eg:

<form action="j_security_check">
   <input type="text" name="j_username"><br>
   <input type="password" name="j_password">
</form>


The LDAP provider in use is Active Directory LDAP. 

For some reason, j_security_check does not distinguish between an invalid and expired passwords, and always returns a LoginFailedException. 

There is no effect, even if the setting <Propagate Cause For Login Exception> is enabled on the Active Directory side.

Cause

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
Symptoms
Cause
Solution


My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.