OAM-OIM 11g User Lockout Question
438661 Jul 1 2011 — edited Nov 14 2011
All,
We have an OAM and OIM 11.1.1.3 installation and I am testing the invalid login attempt scenarios and came across the following situation. I was wondering if you could give me steps or some pointers for resolving this:
1. Created an account tom.jerry@disney.com as xelsysadm and reset the password on first login
2. Have the following OIM default parameters (these are the only configs I could find that are possibly related to this)
XL.UnlockAfter - 0
XL.MaxLoginAttempts - 10
3. Entered an incorrect password and for the initial 4 times I got the OAM login screen back with an error message "An incorrect Username or Password was specified"
4. After the 5th attempt I just got the error message "Error
An incorrect Username or Password was specified"
5. I go back to http://oimservername:oimport/oim, I get the login screen again and enter tom.jerry@disney.com with an incorrect password the next 4 times (total 9 now). I get the login screen back with "An incorrect Username or Password was specified"
6. After the 10th attempt with an incorrect password I get a different error message with no login screen "Error
The user account is locked. Please contact Administrator."
7. I logged into OIM as xelsysadm -> administration -> search user tom.jerry@disney.com and it doesn't show that the account is locked. I lock it anyway explicitly by clicking the button on the user screen and click unlock immediately, and now when I enter tom.jerry@disney.com and the correct password everything works.
A few questions that I have are:
1. How do I get the OAM/OIM system to behave consistently (give an "incorrect username or password" message for the first 9 attempts with a login screen back to the end user, and give them an error message at the end that the account is locked)? I am okay with the out-of-the-box message text.
2. How will our operations team understand that the user is really locked, because they have nowhere to go find this information?
3. What are all the places where I will look for this information in the above scenario when the user account is locked by himself? (OVD/OID, USR table in OIM_DEV schema etc.)
4. Are there any other best practices that i should follow in setting up the system.
Thanks in advance for reviewing this.
Prasad.