OAAM 11g : Duplicate entries in VCRYPT_USERS in OAM-OAAM integrated setup
Last updated on MARCH 08, 2017
Applies to:Oracle Adaptive Access Manager - Version 22.214.171.124.0 and later
Information in this document applies to any platform.
Case 1 :
Customer has OAM-OAAM environment integrated using TAPScheme.
When a protected resource is accessed, new users are routed to register their challenge questions. At this time, OAAM inserts the user entry in VCRYPT_USERS table with a row for the user having an encrypted value of EXT_USER_ID column.
Case 2 :
Customer also have password management functionalities in Identity Manager, wherein they perform KBA user registration using OAAM API Bharosahelper getQuestions.
When this is done, the EXT_USER_ID being one of the parameter to send from API, will be the actual value of LOGIN_ID, so in essence. there will be 2 rows in VCRYPOT_USERS table for the same LOGIN_ID and hence the user is asked to register at both the places.
In cases where user is already registed using OAAM API, accessing resource via TAPScheme results in "ORA-00001: unique constraint (OAAM.V_USERS_UK0) violated" error.
Expectation is since user has successfully been registed via OAAM API, he should be allowed accessed when resource is accessed via TAPScheme.
And at any time, for a user there should exist only a single entry in the VCRYPOT_USERS table.
Sign In with your My Oracle Support account
Don't have a My Oracle Support account? Click to get started
My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms