OpenAM json/authenticate password failure update pwdFailedTime field twice in DJ


This topic has 2 replies, 2 voices, and was last updated 7 years, 7 months ago by ratheeshvnair.


    I have OpenAM 12.0 connecting to external OpenDJ 2.6.0 for identity data. I have configured the account lockout in OpenDJ to lock the user after 5 failed authentication attempts. But I noticed that when the OpenAM authentication REST API (json/authenticate) makes the call and the authentication fails with an incorrect password, it creates two pwdFailureTime records in OpenDJ. So this effectively locks out the user after 3 failed authentication attempts. Has anyone faced this problem? Is this a bug in the REST API or have I missed any configuration?

    BTW, the same behavior is observed when I use the OpenAM UI (openam/XUI/#login/) to log in as the user too. A single authentication failure creates two pwdFailureTime records in OpenDJ. I think it's related to the REST API, as XUI also calls the REST API behind the scenes.

    Please help.


     Peter Major

    How exactly did you set up authentication and the data stores? A single failed authentication attempt should only result in one failed BIND operation at the directory. If you check out the directory access logs, can you see more than one attempt for BIND?
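The access-log check suggested above, as an added example that is not part of the original thread: a Python script that pairs each BIND request with its result and reports accounts that received more than one failed BIND (result 49, invalid credentials) within a two-second window. The sample lines are constructed, and the log layout is an assumption modelled on OpenDJ's text access log; adjust the regexes to match your server's format.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines; the field layout is an assumption, not copied from the thread.
SAMPLE_LOG = """\
[12/Mar/2015:10:15:02 +0000] BIND REQ conn=7 op=1 msgID=2 version=3 type=SIMPLE dn="uid=jdoe,ou=people,dc=example,dc=com"
[12/Mar/2015:10:15:02 +0000] BIND RES conn=7 op=1 msgID=2 result=49 authFailureReason="invalid password" etime=3
[12/Mar/2015:10:15:02 +0000] BIND REQ conn=9 op=4 msgID=5 version=3 type=SIMPLE dn="uid=jdoe,ou=people,dc=example,dc=com"
[12/Mar/2015:10:15:02 +0000] BIND RES conn=9 op=4 msgID=5 result=49 authFailureReason="invalid password" etime=2
[12/Mar/2015:10:20:41 +0000] BIND REQ conn=7 op=2 msgID=3 version=3 type=SIMPLE dn="uid=asmith,ou=people,dc=example,dc=com"
[12/Mar/2015:10:20:41 +0000] BIND RES conn=7 op=2 msgID=3 result=49 authFailureReason="invalid password" etime=2
[12/Mar/2015:10:21:10 +0000] BIND REQ conn=7 op=3 msgID=4 version=3 type=SIMPLE dn="uid=asmith,ou=people,dc=example,dc=com"
[12/Mar/2015:10:21:10 +0000] BIND RES conn=7 op=3 msgID=4 result=0 etime=1
"""

LINE = re.compile(r'^\[(?P<ts>[^\]]+)\] BIND (?P<kind>REQ|RES) conn=(?P<conn>\d+) op=(?P<op>\d+)(?P<rest>.*)$')
DN = re.compile(r'dn="([^"]*)"')
RESULT = re.compile(r'\bresult=(\d+)')

def failed_binds(log_text):
    """Return [(timestamp, dn)] for every BIND whose response carried result=49."""
    pending, failures = {}, []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        key = (m["conn"], m["op"])  # a response is matched to its request by conn/op
        if m["kind"] == "REQ":
            dn = DN.search(m["rest"])
            pending[key] = dn.group(1).lower() if dn else None
        else:
            res = RESULT.search(m["rest"])
            dn = pending.pop(key, None)
            if dn and res and res.group(1) == "49":
                ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
                failures.append((ts, dn))
    return failures

def duplicate_failures(failures, window=timedelta(seconds=2)):
    """Map each DN to the sizes of its bursts that contain more than one failed BIND."""
    by_dn = defaultdict(list)
    for ts, dn in sorted(failures):
        bursts = by_dn[dn]
        if bursts and ts - bursts[-1][-1] <= window:
            bursts[-1].append(ts)  # close enough to the previous failure: same burst
        else:
            bursts.append([ts])
    return {dn: n for dn, b in by_dn.items() if (n := [len(x) for x in b if len(x) > 1])}
```

A burst of 2 for one login attempt means each wrong password counts twice toward the OpenDJ lockout threshold.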


    Hi Peter,
    I forgot to update the forum earlier. I was able to solve the problem. I had to configure the LDAP authentication module pointing to the DJ server and then it started working.

    Thank you for your reply.

