OAMMS Provides "Wrong Password" Error Code When It Should Inform User That The Account Is Locked
Last updated on SEPTEMBER 23, 2016
Applies to: Oracle Mobile and Social - Version 220.127.116.11.0 to 18.104.22.168.0 [Release 11gR2]
Information in this document applies to any platform.
1. Modify the configuration of the JSON Web Token (JWT) & Oracle Access Manager (OAM) Authentication Service Provider (JWTOAMAuthentication).
2. Under Authentication Schemes, create a new authentication scheme with the following settings:
   a. Auth Level is "2"
   b. Default is off
   c. Challenge Method is "Form"
   d. Challenge Redirect URL is empty
   e. Auth Module is "Password Policy Validation Module"
   f. Challenge URL is /pages/login.jsp
   g. Context Type is "external"
   h. Challenge Parameters are initial_command=NONE, OverrideRetryLimit=0, ssoCookie=disablehttponly
3. Change the authentication policy OICAuthenticationPolicy under the IAMSuite domain to use the new authentication scheme.
4. Log in with an incorrect password the maximum number of times (five times in this example). The response message is "Wrong Password", "oicErrorCode", "IDAAS-21029".
5. The account gets locked.
6. Try logging in again. The error message remains "Wrong Password", "oicErrorCode", "IDAAS-21029" instead of an "Account Locked" error message.