User Account Locked Prematurely (Doc ID 1958104.1)

Last updated on MAY 12, 2017

Applies to:

Oracle Access Manager - Version 11.1.2.2.0 and later
Information in this document applies to any platform.

Symptoms

In an OAM-OIM integrated environment, when a user enters their password incorrectly 5 times, their account is locked.
LockoutAttempts is set to 6.

The oblogintrycount attribute is incremented by 2 on the last failed login attempt.

For example:

1. User requests a protected resource in the browser.
2. Try an invalid login attempt.
3. oblogintrycount in LDAP is 1.
4. Try another login attempt.
5. oblogintrycount in LDAP is 3.
6. Try one more login attempt.
7. oblogintrycount in LDAP is 5.

 

Possible error from the log:


 oracle.security.am.engines.common.identity.provider.exceptions.IdentityProviderException: OAMSSA-20027: Could not get user : 0408105763, idstore: CUR-CUSTOMER, with exception: oracle.igf.ids.EntityNotFoundException: Entity not found for the search filter (&(objectclass=vfaucustomer)(uid=0408105763))..
 at oracle.security.am.engines.common.identity.provider.impl.ids.IDSUserProviderImpl.getUser(IDSUserProviderImpl.java:1593)
 at oracle.security.am.engines.common.identity.provider.impl.ids.IDSUserProviderImpl.getUserAttributes(IDSUserProviderImpl.java:1416)
 at oracle.security.am.engines.common.identity.provider.impl.IdentityProviderImpl.getUserAttributes(IdentityProviderImpl.java:928)
 at oracle.security.am.engines.common.identity.provider.impl.OracleUserIdentityProvider.getUserAttributes(OracleUserIdentityProvider.java:354)
 at oracle.security.am.engines.enginecontroller.PasswordPolicyEngineController.queryAttributesForUser(PasswordPolicyEngineController.java:1074)
 at oracle.security.am.engines.enginecontroller.PasswordPolicyEngineController.updateFailedLoginAttributesForUser(PasswordPolicyEngineController.java:668)
 at oracle.security.am.engines.enginecontroller.PasswordPolicyEngineController.updateUserAttributeIfNeeded(PasswordPolicyEngineController.java:639)
 at oracle.security.am.engines.enginecontroller.PasswordPolicyEngineController.handleCheckAuthnRetryEvent(PasswordPolicyEngineController.java:292)
 at oracle.security.am.engines.enginecontroller.PasswordPolicyEngineController.processEvent(PasswordPolicyEngineController.java:187)
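
To confirm both symptoms on a test system, the following added example (not part of the original note and not Oracle code) pulls OAMSSA-20027 entries out of a log and flags oblogintrycount steps other than 1. The sample log is the excerpt above, shortened; the function names and the assumption that the counter starts at 0 are this example's own.

```python
import re

# Sample input: the log excerpt above with the stack trace shortened.
SAMPLE_LOG = """\
oracle.security.am.engines.common.identity.provider.exceptions.IdentityProviderException: OAMSSA-20027: Could not get user : 0408105763, idstore: CUR-CUSTOMER, with exception: oracle.igf.ids.EntityNotFoundException: Entity not found for the search filter (&(objectclass=vfaucustomer)(uid=0408105763))..
 at oracle.security.am.engines.common.identity.provider.impl.ids.IDSUserProviderImpl.getUser(IDSUserProviderImpl.java:1593)
 at oracle.security.am.engines.enginecontroller.PasswordPolicyEngineController.updateFailedLoginAttributesForUser(PasswordPolicyEngineController.java:668)
"""

# User, identity store and LDAP search filter from an OAMSSA-20027 message.
ENTRY = re.compile(
    r"OAMSSA-20027: Could not get user : (?P<user>\S+), idstore: (?P<idstore>[^,]+),"
    r".*?search filter\s*(?P<filter>\(.*?\))\.\.", re.S)

def find_lookup_failures(log_text):
    """Return one dict per OAMSSA-20027 entry, noting whether it was raised
    while the failed-login attributes were being updated."""
    hits = []
    for m in ENTRY.finditer(log_text):
        frames = []
        for line in log_text[m.end():].splitlines():
            s = line.strip()
            if s.startswith("at "):
                frames.append(s[3:])
            elif s:          # first non-frame line ends this stack trace
                break
        hits.append({
            "user": m["user"], "idstore": m["idstore"], "filter": m["filter"],
            "during_failed_login_update": any(
                "updateFailedLoginAttributesForUser" in f for f in frames),
        })
    return hits

def counter_jumps(readings):
    """readings: oblogintrycount read from LDAP after each failed attempt.
    Assumes the counter was 0 before the first attempt. Returns
    (attempt, previous, current) for every step that is not exactly 1."""
    jumps, prev = [], 0
    for attempt, value in enumerate(readings, start=1):
        if value - prev != 1:
            jumps.append((attempt, prev, value))
        prev = value
    return jumps

if __name__ == "__main__":
    print(find_lookup_failures(SAMPLE_LOG))
    print(counter_jumps([1, 3, 5]))   # the readings listed in the Symptoms section
```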

Cause
