joelburke Respected Contributor.
Respected Contributor.
484 views

SSPR 5071 on accounts with lockedByIntruder


We are running SSPR ( v3.2.0.3 b40 r38536 ) with OSP for sso. We use
SAML2.

This error occurs when a user has lockedByIntruder = TRUE. They are not
actually locked, because the time in loginIntruderResetTime has passed.
Actually, the value has already been cleared since the lock time has
passed. It is my understanding that lockedByIntruder will remain TRUE
until the user authenticates to eDirectory or until it is manually
cleared. Our users do not authenticate to eDirectory. I wouldn't think
this would be a problem but SSPR throws the 5071 error every time the
user authenticates.

Does anybody have any suggestions on how to prevent SSPR from throwing
this error?


--
joelburke
------------------------------------------------------------------------
joelburke's Profile: https://forums.netiq.com/member.php?userid=9019
View this thread: https://forums.netiq.com/showthread.php?t=54237

0 Likes
2 Replies
Knowledge Partner
Knowledge Partner

Re: SSPR 5071 on accounts with lockedByIntruder

Hmmm......... that's an interesting one, and it sounds like SSPR
explicitly looks for things like that. A couple of options may help:

1. Duplicate with SSPR 3.3 and then we can report a bug.

2. You could potentially prevent your users from having rights to read
lockedByIntruder, so that SSPR no longer has rights to see that attribute,
meaning it will no longer be checked by SSPR. That's a workaround, for
sure, but it may help you in the short run.

--
Good luck.

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below...
0 Likes
Knowledge Partner
Knowledge Partner

Re: SSPR 5071 on accounts with lockedByIntruder

Hmmm......... that's an interesting one, and it sounds like SSPR
explicitly looks for things like that. A couple of options may help:

1. Duplicate with SSPR 3.3 and then we can report a bug.

2. You could potentially prevent your users from having rights to read
lockedByIntruder, so that SSPR no longer has rights to see that attribute,
meaning it will no longer be checked by SSPR. That's a workaround, for
sure, but it may help you in the short run.

--
Good luck.

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below...
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.