My Oracle Support Banner

Locking a User in an Oracle Access Manager (OAM) / Oracle Identity Manager (OIM) Integration Environment with Oracle Unified Directory (OUD) after X Number of Unsuccessful Login Attempts From OAM sets obLockedOn with a Wrong timestamp Format (Doc ID 2661659.1)

Last updated on AUGUST 24, 2021

Applies to:

Identity Manager - Version 12.2.1.3.0 and later
Oracle Access Manager - Version 12.2.1.3.0 and later
Information in this document applies to any platform.

Symptoms

In an Oracle Access Manager (OAM) / Oracle Identity Manager (OIM) 12c integration after X unsuccessful login attempts (Out Of The Box 3) OAM locks the user in OUD

 

 

 

 

 

After the third wrong password the user does get locked in OUD and OAM redirects the user to the OIM lock page

 

 

To lock the user in OUD, OAM sets some attributes in the OUD user entry, one of them is obLockedOn

dn: <$DN>

....

middleName: XXX

oblockedon: 2020042117054208z

obpasswordchangeflag: false

sn: XXXX

oblogintrycount: 3

 

The oblockedon which stores the time the user was locked in UTC (Zulu) time use a wrong format, small z , instead of the correct LDAP timestamp format with a capital Z as defined in RFC 4519  

 

Cause

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
Symptoms
Cause
Solution
References

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.