Incorrect Error Message For Disabled User when using OVD as idstore

(Doc ID 2351305.1)

Last updated on JANUARY 24, 2018

Applies to:

Oracle Access Manager - Version 11.1.2.3.170117 and later
Information in this document applies to any platform.

Symptoms

An integration of OAM (11.1.2.3), OVD (11.1.1.9) and OUD (11.1.2.3) is used for Single Sign-On for the WebCenter Portal application.
Users reside in OUD, with OVD as LB/proxy. When a user is disabled in OUD, the user gets an "Incorrect username/password" error instead of OAM error code 5.

Caused by: oracle.security.am.engines.common.identity.provider.exceptions.IdentityProviderException: OAMSSA-20023: Authentication Failure for user : user.0, for idstore OVDStore with exception oracle.igf.ids.AuthenticationException: Authentication failed for user uid=user.0,ou=People,dc=vm,dc=oracle,dc=com. AdditionalInfo: LDAP Error 49 : [LDAP: error code 49 - LDAP Error 49 : [LDAP: error code 49 - Invalid Credentials]] with primary error message LDAP Error 49 : [LDAP: error code 49 - LDAP Error 49 : [LDAP: error code 49 - Invalid Credentials]]
at oracle.security.am.engines.common.identity.provider.impl.ids.IDSUserProviderImpl.getIDSSpecificException(IDSUserProviderImpl.java:820)
at oracle.security.am.engines.common.identity.provider.impl.ids.IDSUserProviderImpl.authenticateUserByName(IDSUserProviderImpl.java:803)
at oracle.security.am.engines.common.identity.provider.impl.IdentityProviderImpl.authenticateUserByName(IdentityProviderImpl.java:1305)
at oracle.security.am.engines.common.identity.provider.impl.OracleUserIdentityProvider.authenticateUserByName(OracleUserIdentityProvider.java:482)
at oracle.security.am.engine.authn.internal.executor.AuthenticationModuleExecutor.execute(AuthenticationModuleExecutor.java:228)
... 42 more
Caused by: oracle.igf.ids.AuthenticationException: Authentication failed for user uid=user.0,ou=People,dc=vm,dc=oracle,dc=com. AdditionalInfo: LDAP Error 49 : [LDAP: error code 49 - LDAP Error 49 : [LDAP: error code 49 - Invalid Credentials]]
at oracle.igf.ids.arisid.ArisIdServiceManager.findEntity(ArisIdServiceManager.java:1684)
at oracle.igf.ids.UserManager.authenticateUser(UserManager.java:510)

OUD correctly shows the disabled-user error in its logs. Testing with the OUD store directly shows the correct behavior.

However, the OVD logs show the wrong message:

<Nov 13, 2017 2:51:31 AM PST> <Error> <oracle.oam.user.identity.provider> <OAMSSA-20023> <Authentication Failure for user : xxx@xxxxl.com, for idstore Dev_OVD with exception oracle.igf.ids.AuthenticationException: Authentication failed for user CN=xxx@xxx.com,ou=external,ou=users,dc=oud,dc=xxx,dc=org. AdditionalInfo: LDAP Error 49 : [LDAP: error code 49 - LDAP Error 49 : [LDAP: error code 49 - Invalid Credentials]] with primary error message LDAP Error 49 : [LDAP: error code 49 - LDAP Error 49 : [LDAP: error code 49 - Invalid Credentials]]>
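
To triage entries like the one above, the following added example (not Oracle code and not part of the original note) pulls the user, identity store, DN and innermost LDAP result out of OAMSSA-20023 log entries so that each DN can be cross-checked against the backend OUD log. The sample log, its user and DN, and the names parse_auth_failures and check_backend are constructed for illustration; it assumes wrapped entries break only at whitespace.

```python
import re

# Constructed sample modelled on the OAMSSA-20023 entry above; user and DN are made up.
SAMPLE_LOG = (
    "<Nov 13, 2017 2:51:31 AM PST> <Error> <oracle.oam.user.identity.provider> "
    "<OAMSSA-20023> <Authentication Failure for user : jdoe@example.com, for idstore Dev_OVD\n"
    "with exception oracle.igf.ids.AuthenticationException: Authentication failed for user "
    "CN=jdoe@example.com,ou=external,ou=users,dc=oud,dc=example,dc=org.\n"
    "AdditionalInfo: LDAP Error 49 : [LDAP: error code 49 - LDAP Error 49 : "
    "[LDAP: error code 49 - Invalid Credentials]] with primary error message LDAP Error 49 : "
    "[LDAP: error code 49 - LDAP Error 49 : [LDAP: error code 49 - Invalid Credentials]]>\n"
    "<Nov 13, 2017 2:52:02 AM PST> <Notice> <constructed.logger> <CONSTRUCTED-0001> <unrelated>\n"
)

# [^<>] keeps every field inside a single <...> entry, even when the entry is wrapped.
ENTRY = re.compile(
    r"<(?P<ts>[^<>]+)> <(?P<level>\w+)> <(?P<logger>[^<>]+)> <OAMSSA-20023> "
    r"<Authentication Failure for user : (?P<user>[^<>]+?), for idstore (?P<idstore>\S+)\s+"
    r"with exception \S+: Authentication failed for user (?P<dn>[^<>]+?)\.\s+AdditionalInfo: "
    r"(?P<info>[^<>]*?) with primary error message"
)
# The message is nested once per hop; only the innermost bracket has no nested '['.
INNERMOST = re.compile(r"\[LDAP: error code (\d+) - ([^\[\]]+)\]")


def parse_auth_failures(text):
    """Return one dict per OAMSSA-20023 entry with the innermost LDAP result."""
    events = []
    for m in ENTRY.finditer(text):
        inner = INNERMOST.search(m["info"])
        code = int(inner.group(1)) if inner else None
        events.append({
            "timestamp": m["ts"],
            "user": m["user"],
            "idstore": m["idstore"],
            "dn": m["dn"],
            "ldap_code": code,
            "ldap_message": inner.group(2).strip() if inner else None,
            # Per the symptom above, a 49 seen through OVD may hide a disabled
            # account, so the DN should be looked up in the backend OUD log.
            "check_backend": code == 49,
        })
    return events


if __name__ == "__main__":
    for event in parse_auth_failures(SAMPLE_LOG):
        print(event)
```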

 

Changes

Using OVD 11.1.1.9

Cause
