OAAM 11g : Duplicate entries in VCRYPT_USERS in OAM-OAAM integrated setup
(Doc ID 2103376.1)
Last updated on OCTOBER 06, 2019
Applies to:Oracle Adaptive Access Manager - Version 22.214.171.124.0 and later
Information in this document applies to any platform.
Case 1 :
Customer has OAM-OAAM environment integrated using TAPScheme.
When a protected resource is accessed, new users are routed to register their challenge questions. At this time, OAAM inserts the user entry in VCRYPT_USERS table with a row for the user having an encrypted value of EXT_USER_ID column.
Case 2 :
Customer also have password management functionalities in Identity Manager, wherein they perform KBA user registration using OAAM API Bharosahelper.getQuestions.
When this is done, the EXT_USER_ID being one of the parameter to send from API, will be the actual value of LOGIN_ID, so in essence. There will be 2 rows in VCRYPT_USERS table for the same LOGIN_ID and hence the user is asked to register at both the places.
In cases where user is already registered using OAAM API, accessing resource via TAPScheme results in "ORA-00001: unique constraint (<PREFIX>.V_USERS_UK0) violated" error.
Expectation is since user has successfully been registered via OAAM API, user should be allowed accessed when resource is accessed via TAPScheme.
And at any time, for a user there should exist only a single entry in the VCRYPOT_USERS table.
To view full details, sign in with your My Oracle Support account.
Don't have a My Oracle Support account? Click to get started!
In this Document