Error User account is locked due to mismatch of encryption type

(Doc ID 2278788.1)

Last updated on JUNE 30, 2017

Applies to:

Oracle Access Manager - Version and later
Information in this document applies to any platform.


On : version, Authentication Engine

WNA login Fails with below error -

[2017-06-18T13:14:57.250-05:00] [WLS_OAM1] [TRACE] [] [oracle.oam.engine.authn] [tid: [ACTIVE].ExecuteThread: '3' for queue: 'weblogic.kernel
.Default (self-tuning)'] [userId: <anonymous>] [ecid: 35676af3cb435206:-33d2601f:15caa868899:-8000-0000000000095eb3,0] [APP: oam_server#11.1.
2.0.0] [SRC_CLASS:] [SRC_METHOD: authenticate] Authentication Failed.[[ Unable to obtain password from user

at sun.reflect.GeneratedMethodAccessor2560.invoke(Unknown Source)



OAM-WNA configurations are correct and kinit is success.

klist and krb5.conf is showing AES  encryption type . kinit is successful from OAM server.

$ klist -k -e -t /u01/app/OAMPRD/Oracle/MW/user_projects/domains/oam_domain/hps.keytab
Keytab name: FILE:/u01/app/OAMPRD/Oracle/MW/user_projects/domains/oam_domain/hps.keytab
KVNO Timestamp Principal
--- ----------------- --------------------------------------------------------

3 12/31/69 18:00:00 HTTP/ (aes256-cts-hmac-sha1-96)


krb5.conf is configured for AES

default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
default_tkt_enctypes = AES256-SHA1
default_tgs_enctypes = AES256-SHA1




 New WNA configuration


Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms