OAAM 11g : Duplicate entries in VCRYPT_USERS in OAM-OAAM integrated setup (Doc ID 2103376.1)

Last updated on MARCH 08, 2017

Applies to:

Oracle Adaptive Access Manager - Version 11.1.2.2.0 and later
Information in this document applies to any platform.

Symptoms

Case 1 :
----
Customer has OAM-OAAM environment integrated using TAPScheme.
When a protected resource is accessed, new users are routed to register their challenge questions. At this time, OAAM inserts the user entry in VCRYPT_USERS table with a row for the user having an encrypted value of EXT_USER_ID column.

Case 2 :
----
Customer also have password management functionalities in Identity Manager, wherein they perform KBA user registration using OAAM API Bharosahelper getQuestions.

When this is done, the EXT_USER_ID being one of the parameter to send from API, will be the actual value of LOGIN_ID, so in essence. there will be 2 rows in VCRYPOT_USERS table for the same LOGIN_ID and hence the user is asked to register at both the places.

In cases where user is already registed using OAAM API, accessing resource via TAPScheme results in "ORA-00001: unique constraint (OAAM.V_USERS_UK0) violated" error.

Expectation is since user has successfully been registed via OAAM API, he should be allowed accessed when resource is accessed via TAPScheme.
And at any time, for a user there should exist only a single entry in the VCRYPOT_USERS table.



Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms