OID 10g Account Gets Locked Intermittently and the Failure Count Does Not Get Reset after Successful SSO login
(Doc ID 735092.1)
Last updated on MARCH 13, 2019
Applies to:
Oracle Internet Directory - Version 9.0.4 to 10.1.4 [Release 10gR1 to 10gR3]
Oracle Application Server Single Sign-On - Version 9.0.4 to 10.1.4 [Release 10gR1 to 10gR3]
Information in this document applies to any platform.
Symptoms
OID version 10.1.4.0.1
Accounts get locked randomly before reaching the maximum failure count set in the password policy
The problem happens only with SSO login
It is not reproducible using the ldapbind command
-- Steps To Reproduce:
Have the password policy set with the following attributes
Password Maximum Failure (pwdmaxfailure) = 3
Password Failure Count Interval (pwdfailurecountinterval) = 0
Password Expiry Time (pwdmaxage) = 0
Try to log in to SSO
- Make two login attempts to SSO with the wrong password
- Use the correct password for the 3rd attempt
- Log in with the wrong password again; the Account Locked error message is returned
This can be further verified by checking the "pwdfailuretime" attribute value. This value doesn't get cleared after a successful login to SSO.
ldapsearch -h <oid_host> -p <oid_port> -D "cn=orcladmin" -w <password> -b "user_DN" -s base "objectclass=*" pwdfailuretime
Note: If the search doesn't return any values, then it means that the password failure count has been reset to 0
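The check described above can be scripted. The following is an added example, not part of the Oracle note: it reads saved output of the ldapsearch command on stdin, counts the pwdfailuretime values, and reports how many wrong passwords remain before pwdmaxfailure is reached. The function names, the sample entry, and the acceptance of both "attr: value" and "attr=value" line forms are assumptions.

```shell
#!/bin/sh
# Added example; function names and sample data are assumptions.
# It only parses text on stdin and never contacts a directory.

# Print how many pwdfailuretime values appear in ldapsearch output on stdin.
# Accepts "attr: value" / "attr:: base64" (LDIF) and "attr=value" lines,
# matches the name case-insensitively, skips folded continuation lines.
count_pwdfailuretime() {
    awk '
        /^ / { next }
        { line = tolower($0) }
        line ~ /^pwdfailuretime(;[^:=]*)?[:=]/ { n++ }
        END { print n + 0 }
    '
}

# Usage: check_after_sso_login <pwdmaxfailure> < ldapsearch_output
# Feed it output captured right after a SUCCESSFUL SSO login.
# Returns 0 if no values remain (failure count is 0), 1 if stale
# failures survived the login, 2 on a bad argument.
check_after_sso_login() {
    max=$1
    case $max in
        ''|*[!0-9]*) echo "usage: check_after_sso_login <pwdmaxfailure>" >&2
                     return 2 ;;
    esac
    stale=$(count_pwdfailuretime)
    if [ "$stale" -eq 0 ]; then
        echo "OK: no pwdfailuretime values, failure count is 0"
        return 0
    fi
    left=$((max - stale))
    if [ "$left" -lt 0 ]; then left=0; fi
    echo "STALE: $stale pwdfailuretime value(s) still present; $left more wrong password(s) before pwdmaxfailure=$max is reached"
    return 1
}

# Constructed sample: two failures left behind after a good login.
# It mixes both line forms on purpose to exercise the parser.
sample_stale_output() {
    cat <<'EOF'
dn: cn=jdoe,cn=users,dc=example,dc=com
pwdfailuretime: 20190313101502z
pwdFailureTime=20190313101517z
EOF
}

sample_stale_output | check_after_sso_login 3 || true
```

With the policy from the steps above (pwdmaxfailure = 3), two surviving values leave one wrong password before lockout, which matches the reproduced behaviour.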
Cause