1 Reply Latest reply: Feb 1, 2013 5:39 AM by ColinPurdon-Oracle

    OAM 11g user is not locked in the LDAP after MaxRetry 5 failed attempts.

      Using OAM 11g to protect resources in a custom app built upon Oracle FMW (WebCenter, Spaces). The app works properly. Single sign-on is implemented.
      Microsoft Server 2008 Active Directory is used as the LDAP server that hosts users and groups for the app.
      Test case:
      When logging in with a valid user name and invalid password for the account, the user exceeds the allowed number of invalid logins (MaxRetry = 5).
      So on five attempts we get OAM-2 coming back from the OAM server.
      On the fifth attempt the user gets OAM-5 and the redirect set in OAM Policy to Failed URL kicks in, which is fine.

      However the concern is that the user is not locked in the Active Directory server, so the user can still log in to the site with the correct username and password.

      Edited by: p_zaw on Jan 30, 2013 6:16 AM