Is it possible to get the user status, based on an LDAP attribute (e.g. accountStatus), when login fails? This would be in order to display a more specific message than “invalid credentials”, e.g. “Your account is blocked because xxx, please contact us”.
If you are using account lockout configured in OpenAM rather than in your backend datastore, there is a limited amount of information stored in the attribute sunAMAuthInvalidAttemptsData about the invalid attempt. I’m not sure that will be enough for your purposes, though. If you are authenticating using REST from a custom UI then the response to the REST request is likely to contain the most useful information. As a general rule, feedback to a user who has entered incorrect credentials should be minimal to avoid unnecessary information leakage.