Hi All,
I am working in an 11g environment involving OIM, OAM, OID and OVD. User management happens through OIM (for example, disabling a user). An application is protected by OAM using the OVD Authentication Module; the OVD Authentication Module uses OID in the backend, and OIM talks to OID through the OID connector.
The question is how to prevent users who are disabled in OID from logging in to the application protected by OAM 11g. The answer is that NO EXTRA configuration is required: it happens by default through the attribute orclisenabled.
When a user is disabled through the OIM console, the user's orclisenabled attribute in OID is set to DISABLED (the default value is ENABLED). There is no attribute in an OAM 11g authentication scheme for specifying which type of users are allowed to authenticate. This is unlike OAM 10g, where the attribute values or authentication constraints could be specified in the credential_mapping plugin.
The disabled user also appears in the OVD console by default, with the orclisenabled attribute. When the disabled user tries to access the OAM-protected application, OAM presents the login page (a custom form login page in our case); after the correct credentials are entered, the user is redirected to the login page once again, since the authentication does not succeed.
NOTE: The orclisenabled attribute must have the proper value for authentication to be refused. For example, if it has the value FALSE, the user will be able to log in without any issues. So when users are disabled outside OIM, set the attribute to DISABLED rather than some other value, and check existing entries for unexpected values.
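The following is an added example, not code from the original post. It audits an LDIF export of OID user entries for the orclisenabled attribute and applies the rule the post describes: DISABLED blocks the login, an absent attribute means the default ENABLED, and any other value (the post's FALSE example) is flagged as unexpected because OAM will still let that user in. The sample LDIF, the DNs and the base DN are constructed for the example; a real export would come from an ldapsearch against OID (or the OVD console) that requests the orclisenabled attribute.

```python
"""Audit the orclisenabled attribute in an LDIF export of OID users.

Added example; not code from the original post. Assumes the entries
were exported as LDIF and that, as the post states, only the value
DISABLED blocks the login while an absent attribute means ENABLED.
Any other value is reported as "unexpected" so the operator can fix it.
"""
import base64
from typing import Dict, List

Entry = Dict[str, List[str]]

# Constructed sample export, not captured from a real directory.
SAMPLE_LDIF = """\
dn: cn=jdoe,cn=Users,dc=example,dc=com
cn: jdoe
orclisenabled: ENABLED

dn: cn=asmith,cn=Users,dc=example,dc=com
cn: asmith
orclisenabled: DISABLED

dn: cn=bjones,cn=Users,dc=example,dc=com
cn: bjones
orclisenabled: FALSE

dn: cn=clee,cn=Users,dc=example,dc=com
cn: clee
"""


def parse_ldif(text: str) -> List[Entry]:
    """Minimal LDIF reader: a blank line separates entries; each line is
    'attr: value' or 'attr:: base64value'. Attribute names are lower-cased
    because LDAP attribute names are case-insensitive."""
    entries: List[Entry] = []
    current: Entry = {}
    for raw in text.splitlines():
        if not raw.strip():
            if current:
                entries.append(current)
                current = {}
            continue
        if raw.startswith("#"):
            continue
        attr, sep, value = raw.partition(":")
        if not sep:
            raise ValueError(f"not an LDIF attribute line: {raw!r}")
        if value.startswith(":"):  # 'attr:: ...' carries a base64 value
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        else:
            value = value.strip()
        current.setdefault(attr.strip().lower(), []).append(value)
    if current:
        entries.append(current)
    return entries


def classify(entry: Entry) -> str:
    """Return 'enabled', 'disabled' or 'unexpected' for one entry.

    Values are compared literally: the post only vouches for ENABLED and
    DISABLED, so anything else (FALSE, a case variant, several values)
    is reported for review rather than guessed at."""
    values = entry.get("orclisenabled", [])
    if not values:
        return "enabled"  # attribute absent: the default is ENABLED
    if values == ["ENABLED"]:
        return "enabled"
    if values == ["DISABLED"]:
        return "disabled"
    return "unexpected"


def audit(ldif_text: str) -> Dict[str, str]:
    """Map each entry's dn to its classification."""
    return {e["dn"][0]: classify(e) for e in parse_ldif(ldif_text)}


def remediation_ldif(ldif_text: str) -> str:
    """Build ldapmodify input that sets orclisenabled to DISABLED for every
    entry with an unexpected value. The operator must still confirm those
    users were meant to be disabled before applying it."""
    chunks = []
    for entry in parse_ldif(ldif_text):
        if classify(entry) == "unexpected":
            chunks.append(
                f"dn: {entry['dn'][0]}\n"
                "changetype: modify\n"
                "replace: orclisenabled\n"
                "orclisenabled: DISABLED\n"
                "-\n"
            )
    return "\n".join(chunks)


if __name__ == "__main__":
    for dn, status in audit(SAMPLE_LDIF).items():
        print(f"{status:10s} {dn}")
    print(remediation_ldif(SAMPLE_LDIF), end="")
```

Run it against a real export by replacing SAMPLE_LDIF with the file contents; the entry for bjones (value FALSE) is the one the post's NOTE warns about, and the generated LDIF is what you would feed to ldapmodify once you have confirmed that user really should be disabled.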
4 users commented in "Prevent disabled users to login to application protected by Oracle Access Manager"
Hi,
I want training on Oracle IDM (admin, not development).
Please suggest where I can get this course.
@Naveen,
Focus Thread is starting OAM Administration Training. Check
http://focusthread.com/training/oracle-access-manager-administrator-training
I am not using OIM, so I am manually setting orclisenabled to DISABLED when I want to disable a user. The problem is that when logging in to OAM, the wrong error code is returned. Instead of getting OAM-5 for a disabled account, I am getting OAM-2 which is an authentication failure. Is there a setting somewhere that is suppressing the correct error code?
That is as expected. The OAM user session class does not have an error code or message indicating that the user is disabled, hence you will see "login failed".
The available error codes can be seen from the BaseUserSession class, as shown below.
UserSession.ERR_WRONG_PASSWORD
UserSession.ERR_USER_LOCKED_OUT
UserSession.ERR_PASSWORD_EXPIRED
and so on.
getStatus of UserSession will return only a few error codes.