OAM>TAP>OAAM: libOVD Returns Inappropriate Error Code ( Invalid User ) for Account Lockout (Doc ID 2045169.1)

Last updated on SEPTEMBER 16, 2016

Applies to:

Oracle Virtual Directory - Version 11.1.1.7.0 and later
Oracle Access Manager - Version 11.1.1.7.0 and later
Information in this document applies to any platform.

Symptoms

In a Trusted Authentication Protocol (TAP) integration between Oracle Access Manager (OAM) and Oracle Adaptive Access Manager (OAAM), the user enters login credentials on the OAAM login page to access a protected application.

When the user makes repeated login attempts with invalid credentials, the account is locked after the configured number of consecutive failures. OAM is expected to return the account-locked response code to OAAM so that OAAM can redirect the user to the locked-out page, but OAAM always redirects the user to the invalid_user page instead.

Entries from the Oracle Access Manager (OAM) diagnostic log for libOVD show that the Password Policy Response control is received from the directory but cannot be parsed:

[2015-07-08T02:24:56.405-04:00] [oam_server1] [TRACE] [] [oracle.ods.virtualization] [tid: [ACTIVE].ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: ] [ecid: f1a843bd03ebc37f:285f7ae3:14e52951af0:-8000-00000000007580f4,0] [APP: oam_server#11.1.2.0.0] [SRC_CLASS: oracle.ods.virtualization.engine.util.VDELogger] [SRC_METHOD: debug] found password Policy Response control
[2015-07-08T02:24:56.405-04:00] [oam_server1] [TRACE] [] [oracle.ods.virtualization] [tid: [ACTIVE].ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: ] [ecid: f1a843bd03ebc37f:285f7ae3:14e52951af0:-8000-00000000007580f4,0] [APP: oam_server#11.1.2.0.0] [SRC_CLASS: oracle.ods.virtualization.engine.util.VDELogger] [SRC_METHOD: debug] failed to parse Password Policy Response control
[[ oracle.ods.virtualization.service.VirtualizationException at oracle.ods.virtualization.operation.controls.PasswordPolicyResponseControl.(PasswordPolicyResponseControl.java:131)

The error code indicates an operational error while performing the LDAP command.

libOVD fails to parse the response from the LDAP server. The nested cause in the log is LDAP result code 53 (unwillingToPerform), returned while libOVD rebinds a pooled JNDI connection:

Caused by: javax.naming.OperationNotSupportedException: [LDAP: error code 53 - Unwilling To Perform]
  at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3160)
  at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3033)
  at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2835)
  at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2749)
  at com.sun.jndi.ldap.LdapCtx.ensureOpen(LdapCtx.java:2648)
  at com.sun.jndi.ldap.LdapCtx.ensureOpen(LdapCtx.java:2622)
  at com.sun.jndi.ldap.LdapCtx.reconnect(LdapCtx.java:2618)
  at javax.naming.ldap.InitialLdapContext.reconnect(InitialLdapContext.java:192)
  at oracle.ods.virtualization.engine.backend.jndi.JNDIConnectionPool.rebind(JNDIConnectionPool.java:462)
  ... 62 more
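What a correctly decoded Password Policy Response control looks like, and how a login flow should map it, as an added example that is not Oracle's libOVD or OAAM code. The decoder below follows the control's ASN.1 from draft-behera-ldap-password-policy (control OID 1.3.6.1.4.1.42.2.27.8.5.1), uses only the Python standard library, and the byte strings in it are constructed for the example rather than captured from OAM. The function name classify_bind_failure and the page names "locked", "expired", "invalid_user" and "error" are assumptions for illustration. It makes the point of the symptom above: only an explicit accountLocked error justifies the locked-out page, and a control that fails to parse must surface as an error rather than be collapsed into "invalid user".

```python
"""Decode the LDAP Password Policy Response control value (draft-behera-ldap-
password-policy, OID 1.3.6.1.4.1.42.2.27.8.5.1) and classify a failed bind.
Example code; not libOVD/OAAM code. Sample bytes are constructed by hand."""
from typing import Optional, Tuple

PPOLICY_CONTROL_OID = "1.3.6.1.4.1.42.2.27.8.5.1"

# error ENUMERATED values defined by the draft
PPOLICY_ERRORS = {
    0: "passwordExpired", 1: "accountLocked", 2: "changeAfterReset",
    3: "passwordModNotAllowed", 4: "mustSupplyOldPassword",
    5: "insufficientPasswordQuality", 6: "passwordTooShort",
    7: "passwordTooYoung", 8: "passwordInHistory",
}

# BER tags as they appear on the wire (matches OpenLDAP's ppolicy encoding).
# 0x81 appears at two levels: inside the warning it is graceAuthNsRemaining,
# at the top level it is the error ENUMERATED.
TAG_SEQUENCE = 0x30
TAG_WARNING = 0xA0                  # warning [0] CHOICE -> explicit, constructed
TAG_TIME_BEFORE_EXPIRATION = 0x80   # warning CHOICE [0] INTEGER
TAG_GRACE_AUTHNS_REMAINING = 0x81   # warning CHOICE [1] INTEGER
TAG_ERROR = 0x81                    # error [1] ENUMERATED

# Constructed sample control values (hex written out for readability).
SAMPLES = {
    "locked":  bytes.fromhex("30 03 81 01 01"),                   # error=accountLocked
    "warn5":   bytes.fromhex("30 05 a0 03 80 01 05"),             # expires in 5 s
    "grace":   bytes.fromhex("30 08 a0 03 81 01 02 81 01 00"),    # 2 grace binds, expired
    "garbage": bytes.fromhex("30 02 81 05"),                      # length runs past data
}


class PPolicyParseError(ValueError):
    """Raised on malformed control data; callers must not treat it as a verdict."""


def _read_tlv(buf: bytes, pos: int) -> Tuple[int, bytes, int]:
    """Read one BER TLV with a single-byte tag and definite length."""
    if pos + 2 > len(buf):
        raise PPolicyParseError("unexpected end of data")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: next n bytes hold the length
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise PPolicyParseError("bad long-form length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    end = pos + length
    if end > len(buf):
        raise PPolicyParseError("length runs past end of data")
    return tag, buf[pos:end], end


def _int(value: bytes) -> int:
    if not value:
        raise PPolicyParseError("empty INTEGER")
    return int.from_bytes(value, "big", signed=True)


def parse_ppolicy_response(value: bytes) -> dict:
    """Return {'warning': (name, n) | None, 'error': name | None}; raise on garbage."""
    tag, body, end = _read_tlv(value, 0)
    if tag != TAG_SEQUENCE or end != len(value):
        raise PPolicyParseError("control value is not a single SEQUENCE")
    result = {"warning": None, "error": None}
    pos = 0
    while pos < len(body):
        tag, content, pos = _read_tlv(body, pos)
        # warning must precede error, and each may appear at most once
        if tag == TAG_WARNING and result["warning"] is None and result["error"] is None:
            wtag, wval, wend = _read_tlv(content, 0)
            if wend != len(content):
                raise PPolicyParseError("trailing bytes inside warning")
            if wtag == TAG_TIME_BEFORE_EXPIRATION:
                result["warning"] = ("timeBeforeExpiration", _int(wval))
            elif wtag == TAG_GRACE_AUTHNS_REMAINING:
                result["warning"] = ("graceAuthNsRemaining", _int(wval))
            else:
                raise PPolicyParseError(f"unknown warning tag 0x{wtag:02x}")
        elif tag == TAG_ERROR and result["error"] is None:
            code = _int(content)
            if code not in PPOLICY_ERRORS:
                raise PPolicyParseError(f"unknown ppolicy error {code}")
            result["error"] = PPOLICY_ERRORS[code]
        else:
            raise PPolicyParseError(f"unexpected tag 0x{tag:02x}")
    return result


def classify_bind_failure(result_code: int, control_value: Optional[bytes]) -> str:
    """Map a failed bind to the page a login flow should show (names assumed).

    result_code is the LDAP resultCode (49 invalidCredentials, 53 unwillingToPerform);
    control_value is the ppolicy response control value, if the directory sent one.
    """
    if control_value is not None:
        try:
            resp = parse_ppolicy_response(control_value)
        except PPolicyParseError:
            return "error"          # unparseable control: never report "invalid user"
        if resp["error"] == "accountLocked":
            return "locked"
        if resp["error"] == "passwordExpired":
            return "expired"
    if result_code == 49:
        return "invalid_user"
    return "error"
```

The decision order matters: the ppolicy error is checked before the generic result code, because a locked account also fails the bind with invalidCredentials and would otherwise be indistinguishable from a bad password. Which directory products send this control, and with which result codes, is deployment specific; the decoder only covers the control's wire format.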
Cause
