OIM integrated with OAM (SSO) showing OIM login screen : User Soft Locked

If you log in to a standalone Oracle Identity Manager (OIM), you see OIM's own login screen. If OIM is integrated with a Single Sign-On product such as Oracle Access Manager (OAM), you should instead see the Single Sign-On server's login screen.

In my OIM environment (integrated with OAM for SSO), after typing the username/password in the OAM login screen, OIM was presenting its login screen again.

OIM can present its own login screen (even though it is integrated with OAM) in the following scenarios:

  • OIM is unable to see the identity assertion from a user session already authenticated via OAM (a common issue when the OAM WebGate is 11g): Make sure OAM_REMOTE_USER is chosen in the ‘OAM Identity Asserter’ in WebLogic’s Authentication Providers.
  • OIM is unable to find the user authenticated via OAM in OIM’s USR table (you will see an error in the OIM logs such as ‘<user> No Such User’): Make sure LDAPSync (more here and here) is enabled between OIM and the LDAP directory configured as the Identity Store in OAM. More on OAM’s LDAP integration here.
  • OIM is unable to contact its database to validate the logged-in user (Error in JDBC to create new session).

Error: In my case the error message in the OIM log was “OIM Authenticator : user <user_name> soft locked”. This message means the user is locked in OIM (table USR, column USR_LOCKED).

Fix: Log in as the System Administrator (xelsysadm), search for the user, and unlock the account (by clicking Unlock Account).
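
An added example (not part of the original post): a small Python script that scans an OIM log for the messages discussed above and maps each one to the fix given here. The sample log lines are constructed, and the JDBC pattern is an assumption because the post does not quote that message exactly; the identity-assertion scenario has no log message in the post, so it is not detected.

```python
import re

# (cause, pattern, remediation). The first two messages are quoted in the post;
# the JDBC pattern is an assumption, since the post gives no exact log text for it.
RULES = [
    ("soft_locked",
     re.compile(r"OIM Authenticator\s*:\s*user\s+(\S+)\s+soft locked", re.I),
     "Log in as xelsysadm, search for the user, click Unlock Account"),
    ("no_such_user",
     re.compile(r"(\S+)\s+No Such User", re.I),
     "Enable LDAPSync between OIM and the LDAP identity store used by OAM"),
    ("db_unreachable",
     re.compile(r"JDBC.*\bsession\b", re.I),
     "Restore OIM's connection to its database"),
]

# Constructed sample lines; timestamps, severity tags and user names are made up.
SAMPLE_LOG = """\
<Feb 26, 2015 10:01:12 AM> <Error> OIM Authenticator : user jdoe soft locked
<Feb 26, 2015 10:01:40 AM> <Error> asmith No Such User
<Feb 26, 2015 10:02:03 AM> <Error> Error in JDBC to create new session
<Feb 26, 2015 10:02:30 AM> <Info> Server state changed to RUNNING
<Feb 26, 2015 10:03:11 AM> <Error> OIM Authenticator : user jdoe soft locked
"""

def classify(line):
    """Return (cause, user_or_None, fix) for a known message, else None."""
    for cause, pattern, fix in RULES:
        m = pattern.search(line)
        if m:
            user = m.group(1) if pattern.groups else None
            return cause, user, fix
    return None

def triage(lines):
    """Group matching lines by cause with a hit count and the affected users."""
    report = {}
    for line in lines:
        hit = classify(line)
        if hit is None:
            continue
        cause, user, fix = hit
        entry = report.setdefault(cause, {"count": 0, "users": set(), "fix": fix})
        entry["count"] += 1
        if user:
            entry["users"].add(user)
    for entry in report.values():
        entry["users"] = sorted(entry["users"])
    return report

if __name__ == "__main__":
    for cause, entry in triage(SAMPLE_LOG.splitlines()).items():
        print(f"{cause}: {entry['count']} hit(s), users={entry['users']} -> {entry['fix']}")
```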

 

 

 

 

Other OIM/OAM integration issues


About the Author Atul Kumar

Oracle ACE, Author, Speaker and Founder of K21 Technologies & K21 Academy : Oracle Gold Partner specialising in Design, Implement, and Trainings.


neeraj says February 26, 2015

Hi Atul,
I am new to the OIM domain and am facing an issue:
I have integrated OIM+OAM+OUD, but once I log in to OIM it doesn’t allow me to log in, saying Account is Invalid (before integration I was able to log in), while the credentials are right. Can you let me know the possible steps where I am going wrong, or which steps I have to follow? Kindly suggest……

The exception I am getting is:
javax.security.auth.login.FailedLoginException: [Security:090304]Authentication Failed: User xelsysadm javax.security.auth.login.FailedLoginException: [Security:090302]Authentication Failed: User xelsysadm denied
at weblogic.security.providers.authentication.LDAPAtnLoginModuleImpl.login(LDAPAtnLoginModuleImpl.java:261)
at com.bea.common.security.internal.service.LoginModuleWrapper$1.run(LoginModuleWrapper.java:110)
at com.bea.common.security.internal.service.LoginModuleWrapper.login(LoginModuleWrapper.java:106)
at sun.reflect.GeneratedMethodAccessor1019.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
