Oracle Access Manager 11gr2 (OAM 11.1.2.3) One Time Password (OTP) via Email Fails with Error "oracle.security.am.foundation.udmrtstore.UDMRuntimeStoreException: User doesn't exist." (Doc ID 2242850.1)

Last updated on MARCH 15, 2017

Applies to:

Oracle Access Manager - Version 11.1.2.3.0 and later
Information in this document applies to any platform.

Symptoms

Oracle Access Manager 11gr2 (OAM 11.1.2.3) One Time Password (OTP) via Email fails with the error "oracle.security.am.foundation.udmrtstore.UDMRuntimeStoreException: User doesn't exist."

With OAM configured for One-Time Password/PIN (OTP) Two-factor authentication (T-FA), a user attempting to access a protected resource enters their credentials for SSO login as the first step and selects "One Time Pin through Email" as the form of Second Factor Authentication. The following then occurs in the browser window:

- When using the Embedded Credential Collector (ECC):
The "One Time Pin through Email" page is shown again after the option was selected.

- When using the Detached Credential Collector (DCC):
Oracle Access Manager Error
System error. Please re-try your action. If you continue to get this error, please contact the Administrator.

The OAM Managed Server diagnostic logs show the following error:


STEPS
-----------------------
The issue can be reproduced at will with the following steps:
1. In an IE browser input the protected application URL: http://<host>:7777/HelloOTP.html
2. The browser redirects to the SSO login: https://<host>:4447/oamsso-bi/login.pl?...
3. Input the user credentials and Sign In:
User ID: testuser
Password: **********
4. Select "One Time Pin through Email" as the form of Second Factor Authentication

Cause
