OAM11gR2: DefaultRetryLimit setting in oam-config.xml is ignored and the error "The user account is locked or disabled. Please contact the System Administrator" for every unsuccesful login attempt. (Doc ID 1570598.1)

Last updated on AUGUST 22, 2016

Applies to:

Oracle Access Manager - Version 11.1.2.0.0 and later
Information in this document applies to any platform.

Goal

Why does OAM11gR2 return error "The user account is locked or disabled. Please contact the System Administrator" after one invalid login attempt when the DefaultRetryLimit is set to 5 in oam-config.xml ?

Expected behaviour:

  1. OAM to return the message"An incorrect Username or Password was specified " for every unsuccesful login attempt until DefaultRetrylimit of 5 is reached.
  2. After DefaultRetryLimit is reached, if failure url
    1. is defined in the protected resource policy, then OAM redirects to failure url.
    2. is NOT  defined then OAM throws the error "The user account is locked or disabled. Please contact the System Administrator".

 

Current behaviour:

  1. OAM does not return the message "An incorrect Username or Password was specified" at all
  2. Regardless of DefaultRetryLimit setting in the oam-config.xml, for every unsuccessful login attempt,
    1. OAM redirects to failure url if one is  defined in the protected authentication  policy
    2. OAM returns the error "The user account is locked or disabled. Please contact the System Administrator"

 

 

Solution

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms