My Oracle Support Banner

OpenSSO Not Enforcing DataStore Authentication Attempt Limits In a SITE Configuration (Doc ID 2354093.1)

Last updated on MARCH 25, 2019

Applies to:

Oracle OpenSSO - Version 8.0.2 and later
Information in this document applies to any platform.

Symptoms

Multiple failed login attempts do not trigger temporary account lockout in a multi-server OpenSSO 8.0U2P5 environment

VERSION: 8.0U2 P4 and P5

1) Multiple OpenSSO  servers in a load balanced environment
2) Data store does not use the default “uid” attribute for user search , but use CN
3) Memory based lockout + persist to DataStore enabled
4) SDK caching enabled


Changes

None

Cause

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
Symptoms
Changes
Cause
Solution
References


My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.