My Oracle Support Banner

User Account Locked Prematurely (Doc ID 1958104.1)

Last updated on JANUARY 18, 2024

Applies to:

Oracle Access Manager - Version 11.1.2.2.0 and later
Information in this document applies to any platform.

Symptoms

In an OAM-OIM integrated environemnt, when a user enters their password incorrectly 5 times their account is locked.
The LockoutAttempts is set to 6.

The oblogintrycount attribute is incremented by 2 on the last failed login attempt.

For example:

1. User enters protected resource in the browser
2. Try invalid login attempt.
3. Oblogintrycount in LDAP is 1
4. Try another login attempt
5. Oblogintrycount in LDAP is 3
6. Try one more login attempt
7. Oblogintrycount in LDAP is 5.

 

Possible error from the log:


 oracle.security.am.engines.common.identity.provider.exceptions.IdentityProvide rException: OAMSSA-20027: Could not get user : 0408105763, idstore: CUR-CUSTOMER, with exception: oracle.igf.ids.EntityNotFoundException: Entity not found for the search filter
 (&(objectclass=<VALUE>)(<VALUE>=0408105763))..
 at oracle.security.am.engines.common.identity.provider.impl.ids.IDSUserProviderImpl.getUser(IDSUserProviderImpl.java:1593)
 at oracle.security.am.engines.common.identity.provider.impl.ids.IDSUserProviderImpl.getUserAttributes(IDSUserProviderImpl.java:1416)
 at oracle.security.am.engines.common.identity.provider.impl.IdentityProviderImpl.getUserAttributes(IdentityProviderImpl.java:928)
 at oracle.security.am.engines.common.identity.provider.impl.OracleUserIdentityProvider.getUserAttributes(OracleUserIdentityProvider.java:354)
 at oracle.security.am.engines.enginecontroller.PasswordPolicyEngineController.queryAttributesForUser(PasswordPolicyEngineController.java:1074)
 at oracle.security.am.engines.enginecontroller.PasswordPolicyEngineController.updateFailedLoginAttributesForUser(PasswordPolicyEngineController.java:668)
 at oracle.security.am.engines.enginecontroller.PasswordPolicyEngineController.updateUserAttributeIfNeeded(PasswordPolicyEngineController.java:639)
 at oracle.security.am.engines.enginecontroller.PasswordPolicyEngineController.handleCheckAuthnRetryEvent(PasswordPolicyEngineController.java:292)
 at oracle.security.am.engines.enginecontroller.PasswordPolicyEngineController.processEvent(PasswordPolicyEngineController.java:187)

Changes

 

Cause

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

In this Document
Symptoms
Changes
Cause
Solution
References


My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.