OIM integrated with OAM (SSO) showing OIM login screen : User Soft Locked

If you try to log in to a standalone Oracle Identity Manager (OIM), you’ll see OIM’s own logon screen. If OIM is integrated with a Single Sign-On product such as Oracle Access Manager (OAM), you should see the Single Sign-On server’s login screen instead.

In my OIM environment (integrated with OAM for SSO), after typing the username/password in the OAM login screen, OIM was presenting its login screen again.

OIM can present its own login screen (even though it is integrated with OAM) in the following scenarios:

  • OIM is unable to see the identity assertion from a user session already authenticated via OAM (a common issue when the OAM WebGate is 11g): Make sure OAM_REMOTE_USER is chosen in ‘OAM Identity Asserter’ in WebLogic’s Authentication Provider.
  • OIM is unable to find the user authenticated via OAM in OIM’s USR table (you will see an error in the OIM logs as ‘<user> No Such User’): Make sure LDAPSync is enabled between OIM and the LDAP (configured as Identity Store in OAM).
  • OIM is unable to contact its database to validate the logged-in user (error in JDBC to create a new session).

Error: In my case, the error message in the OIM log was “OIM Authenticator : user <user_name> soft locked”. This error message means the user is locked in OIM (table USR, column USR_LOCKED).

Fix: Log in as System Administrator (xelsysadm), search for the user and unlock the account (by clicking Unlock Account).
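The scenarios above can be told apart by a quick triage of the OIM log. The following is an added example, not code from the original post: it matches the two messages quoted on this page, while the log line layout, the bare JDBC match and all function names are assumptions.

```python
import re
from collections import defaultdict

# (cause, pattern, fix). The first two message fragments are quoted on this page;
# the bare "JDBC" match and the sample log layout below are assumptions.
PATTERNS = [
    ("soft_locked",
     re.compile(r"OIM Authenticator\s*:\s*user\s+(\S+)\s+soft locked", re.I),
     "unlock the account as xelsysadm (USR.USR_LOCKED is set)"),
    ("no_such_user",
     re.compile(r"(\S+)\s+No Such User", re.I),
     "check LDAPSync between OIM and the LDAP identity store used by OAM"),
    ("db_unreachable",
     re.compile(r"\bJDBC\b", re.I),
     "check that OIM can open a session to its database"),
]
# The page gives no log message for this cause, so it is the fallback advice.
FALLBACK = "check that OAM_REMOTE_USER is chosen in the OAM Identity Asserter"

def triage(lines):
    """Return {cause: set of user names} for every recognised log line."""
    found = defaultdict(set)
    for line in lines:
        for cause, rx, _fix in PATTERNS:
            m = rx.search(line)
            if m:
                users = found[cause]      # records the cause even without a user
                if rx.groups:             # the JDBC pattern captures no user name
                    users.add(m.group(1))
                break
    return dict(found)

def advise(lines):
    """Return (cause, sorted users, fix) tuples, or the fallback if nothing matched."""
    found = triage(lines)
    if not found:
        return [("no_match", [], FALLBACK)]
    return [(c, sorted(found[c]), fix) for c, _rx, fix in PATTERNS if c in found]

# Constructed sample lines (not taken from a real OIM log).
SAMPLE_LOG = [
    "[2024-01-10T09:15:02] [oim_server1] [ERROR] OIM Authenticator : user JDOE soft locked",
    "[2024-01-10T09:15:40] [oim_server1] [ERROR] ASMITH No Such User",
    "[2024-01-10T09:16:11] [oim_server1] [NOTIFICATION] Scheduler heartbeat",
    "[2024-01-10T09:17:05] [oim_server1] [ERROR] OIM Authenticator : user JDOE soft locked",
]

if __name__ == "__main__":
    for cause, users, fix in advise(SAMPLE_LOG):
        print(f"{cause}: {', '.join(users) or '-'} -> {fix}")
```

Repeated soft-lock lines for the same user collapse into one entry, so the output lists each account to unlock once.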

 

 

 

 


About the Author Masroof Ahmad
