Issue with Lockout Duration in Password Policy in OAM

AbhishekChoudhury, Nov 13 2010 (edited Nov 19 2010)
Hi,

We are facing an issue with the lockout duration configuration in the password policies in the identity manager interface for our OAM setup.
Oracle Access Manager 10g version 10.1.4
User/Policy Store: ADAM LDAP [Microsoft ADAM 2003]

After we lock out a user in our LDAP after 5 wrong attempts, the two attribute values in ADAM get updated to 5:
oblogintrycount
badPwdCount
Also, I see that "oblockouttime" gets updated with a Unix timestamp.

Now, we have set the "Lockout Duration" in the password policy as 1 hour. So, after 1 hour, the user should be unlocked in ADAM.
However, after 1 hour, when the user tries to log in, he/she gets the error that a wrong password has been entered for the userID.

When we check in ADAM, we see that the value of "oblogintrycount" was indeed reset. However the value of "badPwdCount" did not get reset and is still stuck at 5.
If we reset both these attribute values to 0, the user can log in again.

Now, is OAM expected to reset both these attribute values to 0, or does it only reset the oblix attributes?
If it is the latter, is there a way around to resolve this issue? Or are we doing something wrong here?

Please let us know your feedback.

Thanks!
Abhishek.
This post has been answered by AmbarishMitra on Nov 15 2010
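
A way to spot accounts in the state described in the question (OAM's `oblogintrycount` reset while the directory's `badPwdCount` is still at the lockout threshold), as an added example that is not part of the original post or Oracle's code. It reads an LDIF export; the sample entries and DNs are constructed, and treating `oblockouttime` as Unix seconds and a reset `oblogintrycount` as 0 or absent are assumptions.

```python
import time

LOCKOUT_THRESHOLD = 5    # wrong attempts before lockout (from the post)
LOCKOUT_DURATION = 3600  # "Lockout Duration" of 1 hour, in seconds (from the post)

# Constructed LDIF sample; DNs and values are illustrative only.
SAMPLE_LDIF = """\
dn: cn=alice,ou=users,dc=example,dc=com
oblogintrycount: 0
badPwdCount: 5
oblockouttime: 1289640000

dn: cn=bob,ou=users,dc=example,dc=com
oblogintrycount: 5
badPwdCount: 5
oblockouttime: 1289650000

dn: cn=carol,ou=users,dc=example,dc=com
oblogintrycount: 0
badPwdCount: 0
"""

def parse_ldif(text):
    """Parse simple single-valued, unfolded LDIF into a list of dicts."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            if ": " in line:
                key, value = line.split(": ", 1)
                entry[key.lower()] = value.strip()
        if "dn" in entry:
            entries.append(entry)
    return entries

def classify(entry, now):
    """Classify one entry by comparing the OAM and directory counters."""
    oam_tries = int(entry.get("oblogintrycount", 0))
    dir_tries = int(entry.get("badpwdcount", 0))
    locked_at = int(entry.get("oblockouttime", 0))  # assumed Unix seconds
    if oam_tries >= LOCKOUT_THRESHOLD:
        return "locked" if now < locked_at + LOCKOUT_DURATION else "lockout-elapsed"
    if dir_tries >= LOCKOUT_THRESHOLD:
        return "stale-directory-counter"  # the mismatch described in the post
    return "ok"

def find_stale(ldif_text, now=None):
    """Return DNs whose OAM counter is reset but badPwdCount is not."""
    now = time.time() if now is None else now
    return [e["dn"] for e in parse_ldif(ldif_text)
            if classify(e, now) == "stale-directory-counter"]
```
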