User Account Locked Prematurely
(Doc ID 1958104.1)
Last updated on JANUARY 18, 2024
Applies to:
Oracle Access Manager - Version 11.1.2.2.0 and later
Information in this document applies to any platform.
Symptoms
In an OAM-OIM integrated environment, when a user enters their password incorrectly 5 times, their account is locked.
LockoutAttempts is set to 6.
The oblogintrycount attribute is incremented by 2 on the last failed login attempt.
For example:
1. The user enters a protected resource in the browser.
2. Try an invalid login attempt.
3. oblogintrycount in LDAP is 1.
4. Try another login attempt.
5. oblogintrycount in LDAP is 3.
6. Try one more login attempt.
7. oblogintrycount in LDAP is 5.
Possible error from the log:
oracle.security.am.engines.common.identity.provider.exceptions.IdentityProviderException: OAMSSA-20027: Could not get user : 0408105763, idstore: CUR-CUSTOMER, with exception: oracle.igf.ids.EntityNotFoundException: Entity not found for the search filter
(&(objectclass=<VALUE>)(<VALUE>=0408105763))..
at oracle.security.am.engines.common.identity.provider.impl.ids.IDSUserProviderImpl.getUser(IDSUserProviderImpl.java:1593)
at oracle.security.am.engines.common.identity.provider.impl.ids.IDSUserProviderImpl.getUserAttributes(IDSUserProviderImpl.java:1416)
at oracle.security.am.engines.common.identity.provider.impl.IdentityProviderImpl.getUserAttributes(IdentityProviderImpl.java:928)
at oracle.security.am.engines.common.identity.provider.impl.OracleUserIdentityProvider.getUserAttributes(OracleUserIdentityProvider.java:354)
at oracle.security.am.engines.enginecontroller.PasswordPolicyEngineController.queryAttributesForUser(PasswordPolicyEngineController.java:1074)
at oracle.security.am.engines.enginecontroller.PasswordPolicyEngineController.updateFailedLoginAttributesForUser(PasswordPolicyEngineController.java:668)
at oracle.security.am.engines.enginecontroller.PasswordPolicyEngineController.updateUserAttributeIfNeeded(PasswordPolicyEngineController.java:639)
at oracle.security.am.engines.enginecontroller.PasswordPolicyEngineController.handleCheckAuthnRetryEvent(PasswordPolicyEngineController.java:292)
at oracle.security.am.engines.enginecontroller.PasswordPolicyEngineController.processEvent(PasswordPolicyEngineController.java:187)
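Added example (not part of the Oracle document): a small log triage script that counts OAMSSA-20027 events per user and identity store, keeping only those whose stack trace passes through the failed-login counter update shown above. The function name, the sample log lines and the rule that a wrapped search-filter line starts with "(" are assumptions made for illustration.

```python
import re
from collections import Counter

# Message shape taken from the OAMSSA-20027 line in the log excerpt above.
EVENT = re.compile(
    r"OAMSSA-20027: Could not get user : (?P<user>[^,]+), idstore: (?P<idstore>[^,]+),")
# Frame that places the failed lookup inside the failed-login counter update.
COUNTER_FRAME = "PasswordPolicyEngineController.updateFailedLoginAttributesForUser"

def failed_counter_lookups(log_text):
    """Count OAMSSA-20027 events per (user, idstore) whose stack trace
    includes the failed-login attribute update frame."""
    hits = Counter()
    current = None  # (user, idstore) of the event whose stack is being read
    for line in log_text.splitlines():
        m = EVENT.search(line)
        if m:
            current = (m.group("user").strip(), m.group("idstore").strip())
            continue
        stripped = line.strip()
        if stripped.startswith("at "):
            if current and COUNTER_FRAME in stripped:
                hits[current] += 1
                current = None  # count each event once
        elif stripped and not stripped.startswith("("):
            # Assumption: only a wrapped search filter may sit between the
            # message and its frames; any other line ends the event.
            current = None
    return hits

# Constructed sample log (user ids and idstore name are placeholders).
SAMPLE_LOG = """\
IdentityProviderException: OAMSSA-20027: Could not get user : user0001, idstore: ExampleStore, with exception: oracle.igf.ids.EntityNotFoundException: Entity not found for the search filter
(&(objectclass=<VALUE>)(<VALUE>=user0001))..
    at oracle.security.am.engines.common.identity.provider.impl.ids.IDSUserProviderImpl.getUser(IDSUserProviderImpl.java:1593)
    at oracle.security.am.engines.enginecontroller.PasswordPolicyEngineController.updateFailedLoginAttributesForUser(PasswordPolicyEngineController.java:668)
INFO constructed unrelated line
IdentityProviderException: OAMSSA-20027: Could not get user : user0002, idstore: ExampleStore, with exception: oracle.igf.ids.EntityNotFoundException: Entity not found for the search filter
    at oracle.security.am.engines.common.identity.provider.impl.ids.IDSUserProviderImpl.getUser(IDSUserProviderImpl.java:1593)
IdentityProviderException: OAMSSA-20027: Could not get user : user0001, idstore: ExampleStore, with exception: oracle.igf.ids.EntityNotFoundException: Entity not found for the search filter
    at oracle.security.am.engines.enginecontroller.PasswordPolicyEngineController.updateFailedLoginAttributesForUser(PasswordPolicyEngineController.java:668)
"""

if __name__ == "__main__":
    for (user, idstore), n in failed_counter_lookups(SAMPLE_LOG).items():
        print(f"{user} in {idstore}: {n} failed lookup(s) during counter update")
```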
Changes
Cause