OAMMS Provides "Wrong Password" Error Code When It Should Inform User That The Account Is Locked (Doc ID 1914762.1)

Last updated on SEPTEMBER 23, 2016

Applies to:

Oracle Mobile and Social - Version 11.1.2.1.0 to 11.1.2.2.0 [Release 11gR2]
Information in this document applies to any platform.

Symptoms

1. Modify the Java Web Token (JWT) & Oracle Access Manager (OAM) Authentication Service Provider,  (JWTOAMAuthentication) configuration.

2. Under Authentication Schemes - Create a new authentication scheme
a. Auth Level is "2"
b. Default is off
c. Challenge Method is "Form"
d. Challenge Redirect URL is empty.
e. Auth Module is Password Policy "Validation Module"
f. Challenge URL is /pages/login.jsp
g. Context Type is "external"
h. Challenge Parameters are initial_command=NONE, OverrideRetryLimit=0, ssoCookie=disablehttponly

3. Change the authentication policy OICAuthenticationPolicy under IAMSuite domain to the new authentication scheme.

4. Login with an incorrect password max try times (five times in this example)
response message is "Wrong Password", "oicErrorCode", "IDAAS-21029

5. Account gets locked.

6. Try logging in again - the error message remains "Wrong Password", "oicErrorCode", "IDAAS-21029 as opposed to an "Account Locked" error message.

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms