Tuesday, November 22, 2011

OAM 11.1.1.3 security error codes

Oracle Access Manager returns a distinct set of error codes for various types of deployment. Types include SECURE, INTERNAL, EXTERNAL and OSSO10g. Most environments use EXTERNAL mode for their deployment. The error codes and their message can retrieved via the ResourceBundle as shown below:

ResourceBundle msgBundle  = ResourceBundle.getBundle(defaultResourceBundle, myLocale);

  final String defaultErrorCode = "DEFAULT_ERR_MESSAGE";
  String simpleMessage = msgBundle.getString(defaultErrorCode);
  // if redirection due to error happened
  String errCode = request.getParameter(GenericConstants.ERROR_CODE);
  if(errCode != null) {
    try {
      simpleMessage = msgBundle.getString(errCode);
    }
    catch(Exception e) {
      //ignore. simpleMessage will be set to the default
    }
  }

Overall Error codes and their messages are described below for convenience. Detailed information can be found in Oracle® Fusion Middleware Administrator's Guide for Oracle Access Manager with Oracle Security Token Service document. These codes can be used for customizing messages instead of using the messages from resourcebundle implementation.

External Error Code Trigger Condition Recommended Display Message
OAM-1
Invalid login attempts less than the allowed count.
An incorrect Username or Password was specified
OAM-2
Invalid login attempts less than the allowed count.
An incorrect Username or Password was specified
OAM-3
Processing submitted credentials fails for some reason. For example: in WNA mode, the SPENGO token is not received.
Internal Error.
OAM-4
An authentication exception is raised for some reason.
System error. Please contact the System Administrator.
OAM-5
The user account gets locked because of certain conditions (exceeded invalid attempts, for instance).
OIM Integration. The Error page appears with contact details after the password is validated.
The user account is locked or disabled.
Please contact the System Administrator.
OAM-5
The user account gets locked because of certain conditions (exceeded invalid attempts, for instance).
OID Without OIM Integration: The Error page appears with contact details after the password is validated.
The user account is locked or disabled.
Please contact the System Administrator.
OAM-5
The user account is disabled.
The user account is locked or disabled.
Please contact the System Administrator.
OAM-6
The user has exceeded the maximum number of allowed sessions, which is a configurable attribute.
The user has already reached the maximum allowed number of sessions. Please close one of the existing sessions before trying to login again.
OAM-7
Failure could be due to multiple reasons; the exact reason is not propagated to the user level for security reasons. For instance:
  • The request ID could have been lost
  • The certificate is not retrieved correctly
The default error message is displayed when no other specific messages are propagated up.
System error. Please re-try your action. If you continue to get this error, please contact the Administr

1 comment: