OpenSSO AuthLoginException, "Unknown LDAP Exception", Message not Meaningful when Authenticating User is Locked (Doc ID 1315413.1)

Last updated on SEPTEMBER 21, 2016

Applies to:

Oracle OpenSSO - Version 6.3 to 8.0.1 [Release 6.0 to 8.0]
Information in this document applies to any platform.
Bug 6471046: AuthLoginException Message not Meaningful when Authenticating User is Locked Out.


Symptoms

When a user reaches the maximum number of invalid login attempts, the OpenSSO LDAP module returns a generic error, "Unknown LDAP Exception" (also known as code 107, which means "Authentication Failed"). This error message does not provide meaningful information to the user or the account administrator.

If a specific error code for account lockout is desired, you can customize the UI to return a unique error that fits your needs.


The log entry below, from the Access Manager debug log "amAuthContextLocal", shows the "Unknown LDAP exception" that occurs when a user is locked out.

AuthContextLocal:: Status : failed

09/07/2006 04:38:54:778 PM EDT: Thread[service-j2ee-3,5,main]

AuthContextLocal::getLoginException()

09/07/2006 04:38:54:778 PM EDT: Thread[service-j2ee-3,5,main]

AuthContextLocal::getLoginException()

09/07/2006 04:38:54:779 PM EDT: Thread[service-j2ee-3,5,main]

AuthContextLocal::getLoginException()

09/07/2006 04:38:54:780 PM EDT: Thread[service-j2ee-3,5,main]

AuthContextLocal::getLoginException()

09/07/2006 04:38:54:780 PM EDT: Thread[service-j2ee-3,5,main]

AuthContextLocal::getLoginException()

09/07/2006 04:38:54:782 PM EDT: Thread[service-j2ee-3,5,main]

AuthContextLocal::logout()

09/07/2006 04:38:54:787 PM EDT: Thread[service-j2ee-3,5,main]

Exception in AMLoginContext::logout() Error logging out :

Unknown LDAP exception.
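
Because the lockout is reported only as this generic error, one way to find affected logins is to scan the debug log for a failed status followed by "Unknown LDAP exception" on the same thread, then check those logins against the directory's lockout state. The script below is an added example, not Oracle's code: the function names are hypothetical, the sample log is constructed from the excerpt above, and the time zone label is ignored.

```python
import re
from datetime import datetime

# Header line of a debug record, in the format of the excerpt above.
HEADER = re.compile(
    r"^(\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}:\d{3} [AP]M) \w+: Thread\[([^\]]+)\]$")

def parse_records(text):
    """Group lines into (timestamp, thread, message) records. A record is a
    header plus the non-blank lines up to the next header; lines before the
    first header (a truncated excerpt) get timestamp and thread None."""
    records = [[None, None, []]]
    for line in (l.strip() for l in text.splitlines()):
        m = HEADER.match(line)
        if m:
            ts = datetime.strptime(m.group(1), "%m/%d/%Y %I:%M:%S:%f %p")
            records.append([ts, m.group(2), []])
        elif line:
            records[-1][2].append(line)
    return [(ts, th, " ".join(msg)) for ts, th, msg in records if msg]

def masked_failures(text):
    """Return (timestamp, thread) where a thread that logged "Status : failed"
    then logs "Unknown LDAP exception": logins to check for account lockout."""
    failed, hits = set(), []
    for ts, thread, msg in parse_records(text):
        if "Status : failed" in msg:
            failed.add(thread)
        elif "Unknown LDAP exception" in msg and thread in failed:
            hits.append((ts, thread))
            failed.discard(thread)
    return hits

# Constructed sample modelled on the excerpt; the j2ee-7 thread is invented.
SAMPLE = """\
09/07/2006 04:38:54:770 PM EDT: Thread[service-j2ee-3,5,main]
AuthContextLocal:: Status : failed
09/07/2006 04:38:54:778 PM EDT: Thread[service-j2ee-3,5,main]
AuthContextLocal::getLoginException()
09/07/2006 04:38:54:781 PM EDT: Thread[service-j2ee-7,5,main]
AuthContextLocal:: Status : failed
09/07/2006 04:38:54:787 PM EDT: Thread[service-j2ee-3,5,main]
Exception in AMLoginContext::logout() Error logging out :
Unknown LDAP exception.
"""

if __name__ == "__main__":
    for ts, thread in masked_failures(SAMPLE):
        print(ts.isoformat(timespec="milliseconds"), thread)
```

A hit is only a candidate: the debug log does not name the user, so each timestamp still has to be correlated with the directory server's own records.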

 

 

 

Changes

Steps to Reproduce:
******************
1. Set up the LDAP Data Store (OpenSSO schema).
2. Configure account lockout in the Directory Server, so that a user gets locked out after 3 invalid attempts.
3. Change the "Login.java" sample in the client samples of OpenSSO, so that on failure both the error code and the error message are displayed.
4. Compile and execute the sample.
5. Try a test user with several wrong password attempts and let the user get locked.
6. Now try authenticating the same user with the correct password.
The error code obtained is 107 and the message is "Authentication Failed".

Cause
