OpenSSO: AuthLoginException Message not Meaningful when Authenticating User is Locked

(Doc ID 1301214.1)

Last updated on SEPTEMBER 21, 2016

Applies to:

Oracle OpenSSO - Version: 6.3 to 8.0 - Release: 6.0 to 8.0
Information in this document applies to any platform.


Conditions under which the AM does not correctly capture the lockout in AuthLoginException.
Directory server lockouts are configured for users after X unsuccessful login attempts.

When you, an OpenSSO user, get locked out of the directory server (or "DS") after having unsuccessfully attempted to log into OpenSSO X times,
the DS throws a constraint violation error when OpenSSO tries to bind to the DS using your credentials.
OpenSSO logs this constraint violation as a general authentication failure in AuthLoginException and displays an incorrect error message to you.
The incorrect error message you will see is, "Authentication Failed".


You would like OpenSSO to log a more meaningful error, 
such as a "This user is not active" message,
when a user is locked out of the directory server after a sequence of failed
login attempts.


Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms