If you login to application protected by Oracle Access Manager (OAM for Single Sign-On/SSO) and you see screen like above “Your account is locked. You can unlock your account by going to Forgot Password” , This error means your account is locked in Oracle Access Manager (OAM)
Q: How OAM 11g treats account as locked ?
If value of user’s attribute obLockoutTime is set or value of obLoginTryCount is set to 5 then OAM treats this account as locked.
Q: How can an end user unlock account without contacting administrator (Self Service) ?
If OAM is integrated with Oracle Identity Manager (OIM) then clicking on Forgot Password link will take user to forgot password page in OIM. User can then answer challenge questions registered at time of first time login. After entering correct answer to challenge questions, OIM will reset password in OIM and also update password in LDAP (OID in this case) using LDAPSync (OIM should be configured with LDAPSync enabled. More on LDAPSync here, here, and here). This process will also clear two attributes obLockoutTime, and obLoginTryCount (OAM will then treat account as unlocked)
Q: How can an OIM Administrator unlock account locked in OAM via OIM ?
Once user is locked in OAM (via two attributes obLockoutTime and obLoginTryCount), LDAP User Reconciliation Job in OIM (that runs every 5 minutes) will bring user’s data in OIM and enable UNLOCK button next to this user (If you see LOCK button then user is not locked, If you see UNLOCK button that means user in Locked in OIM too). Administrator can click on UNLOCK button next to user details.
Note: If there is any problem with reconciliation job (LDAP User Reconciliation) then you can have a user that is locked in OAM but not in OIM. Workaround in such case is first LOCK the user from OIM and then UNLOCK again from OIM (This step should clear two attributes obLockoutTime and obLoginTryCount from OID)
Other issues related to Account Lockout in Oracle Stack (depending on how you login and how components are integrated with each other) are
- OIM-OAM-OAAM Account LockOut in OAM
- User is not locked after configured value
- User unable to login because of Locked Account
- How to unlock user in 10g OAM
Related Posts for Identity Manager
- Oracle Identity Manager (User Provisioning – Thor)
- Installing Oracle Identity Manager (Thor Xellerate)
- Oracle Identity Manager 9.1 released
- Oracle Identity Manager (Thor Xellerate) Architecture
- Resource, Reconciliation, Provisioning and Connector in Oracle Identity Manager #OIM
- Oracle Identity Manager (OIM) Connector for Oracle Internet Directory (OID) : Architecture and Overview
- Step by Step Installation of OIM Design Console 9.1.0
- Error while running PurgeCache in OIM 11g : LoginException unable to find LoginModule class : WebLogic Full Clinet
- Integrate OIM 11g with OID using connector for Provisioning / Reconcilliation – Installation
- PurgeCache in OIM 11g : CategoryName
- OIM LDAP Sync : Overview and Key Points
- OIM 11g : How to export/import/delete Files from MDS
- Where are OAM details stored in OIM (account unlock, password reset)
- libOVD adapters in OIM LDAP Integration : LDAPsync – view and modify Adapter settings (bindDN and bindPassword)
- Error Starting OIM Design Console (xlclient.sh) on Linux java.lang. NoClassDefFoundError
- OIM 11g Challenge Questions (PCQ) for forgot password
- Oracle EBS Integration with OIM (Identity Manager) : Things you should know
- Users not synced from OID to OIM : Debug Scheduled Job
- OIM Connector for Microsoft : AD, Exchange, Windows, Password Management
- Connector Server for OIM connectors : .NET or JAVA
- OIM 11g Challenge Questions – Everything you must know
- OIM 11g How to add Challenge Questions
- OIM : Assign AD resource : An error occurred because the Adapters are not compiled : How to compile adapters in OIM
- OIM User Creation : An Error occurred while performing create user operation. Unable to get LDAP connection
- OIM – AD integration : Active Directory Group Lookup Recon failed with error Remote Framework Key is invalid
- Microsoft Active Directory (AD) to Oracle Identity Manager (OIM) Password Synchronization: Things you must know : Part I
- Provision resource “Microsoft Exchange” to user in OIM : Status remains in Provisioning : Part I
- Target Resource (or Managed Resource) vs Trusted Source (or Authoritative Source) Mode : OIM integration with applications (AD, OID, OVD, EBS, SAP, HR, LDAP)
- 500 Internal server accessing OIM application : com.bea. security.MicroSM. getInstance oracle.iam. platform. authz.impl
- Your account is locked. You can unlock your account by going to Forgot Password
- OIM 11g : How to find User and Manager details : USR table
- OIM 11g : User Detail/Attribute (Description) not visible in OIM User screen : EBS / OID / OIM integration
- OIM 11g: The add proxy operation for user XXXXX failed with following error oracle. bpel. services. workflow. client. workflowservieclientException javax.xml.ws.WebServiceException could not determine wsdl ports
- Oracle Identity Manager BP07 for 11gR1 PS1 220.127.116.11.7 (16097399) is now available – (Part of Identity Management SUite BP03 16209876)
- OIM 11g : SQL to List User’s Manager
- OIM integrated with OAM (SSO) showing OIM login screen : User Soft Locked
- OIM 11g: Beware if you are applying WebLogic patch !
- Help Me : Microsoft Active Directory Password Sync version and latest patch for Oracle Identity Manager 18.104.22.168
- Upgrade OIM connector for Microsoft Exchange to 22.214.171.124 Part I
- OIM Administrators : Is your OIM database Growing ? Do you purge enough ?