13.3 Managing Secure Error Modes

A custom error page is packaged as part of the custom login application. An out-of-the-box custom Web application archive file is provided that you can use as a starting point to develop customized login and password pages.

Server Error Mode settings are global and common to all OAM Servers in the WebLogic administration domain. This section provides the following topics:

13.3.1 OAM Server Error Modes

The OAM Server Error Mode appears on the Load Balancing Settings area of the Access Manager Settings page.

Figure 13-1 shows the Server Error Mode function.

Figure 13-2 Access Manager Settings: Server Error Mode


Table 13-2 describes the options you can choose to configure Server Error Mode for your deployment.

Table 13-2 Server Error Mode

Element: Server Error Mode

Description: The setting you choose determines the nature of the error messages and error codes that the OAM Server returns when an operation fails, for example because of an invalid username or password, or because of a server error such as the connection to the LDAP Server being down.

Choose one of the following settings to configure error messages with varying degrees of security for your custom login pages:

  • SECURE: Most secure. Provides generic error messages that barely give any hint of the internal reason for the error.

  • EXTERNAL: Recommended level.

  • INTERNAL: Least secure level. Recommended for Password Policy validation, as described in "Managing Global Password Policy".

  • OSSO10g: Compatible with OSSO 10g. Might be required in upgraded environments for consistency.

See Also: "Viewing or Editing OAM Server Secure Error Modes"

Table 13-3 shows the error triggering condition and message codes for each of the three modes.

Table 13-3 Error Trigger Condition, Modes, and Message Codes

| Error Triggering Condition | Internal Mode | External Mode | Secure Mode |
|---|---|---|---|
| Invalid login attempt | OAM-1 | OAM-2 | OAM-8 |
| Processing submitted credentials fails. For example: In WNA mode, the SPNEGO token is not received. | OAM-3 | OAM-3 | OAM-8 |
| An authentication exception is raised. | OAM-4 | OAM-4 | OAM-9 |
| User account gets locked based on certain conditions (exceeded invalid attempts, for instance). | OAM-5 | OAM-5 | OAM-8; OAM-9 with OIM integration |
| User account disabled. | OAM-5 | OAM-5 | OAM-9 |
| User has exceeded the maximum number of allowed sessions (a configurable attribute). | OAM-6 | OAM-6 | OAM-9 |
| Default error message, which is displayed when no other specific messages propagate up. This is not propagated to the user level. Cause could be multiple conditions. | OAM-7 | OAM-7 | OAM-9 |
| Password expired. | OAM-10 | OAM-10 | OAM-9 |
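The following Python sketch is an added example, not Oracle code: it encodes Table 13-3 and groups trigger conditions by the code a client receives in each mode, which shows how much each mode lets an observer infer from the code alone. The short condition labels are invented here, and the locked-account row is read as OAM-8 without OIM integration and OAM-9 with it (an assumption about the table cell).

```python
from collections import defaultdict

# Table 13-3 as given on the page: condition -> (Internal, External, Secure).
# Condition labels are shortened here for readability (not Oracle identifiers).
TABLE_13_3 = {
    "invalid login attempt":       ("OAM-1", "OAM-2", "OAM-8"),
    "credential processing fails": ("OAM-3", "OAM-3", "OAM-8"),
    "authentication exception":    ("OAM-4", "OAM-4", "OAM-9"),
    "account locked":              ("OAM-5", "OAM-5", "OAM-8"),
    "account disabled":            ("OAM-5", "OAM-5", "OAM-9"),
    "max sessions exceeded":       ("OAM-6", "OAM-6", "OAM-9"),
    "default error":               ("OAM-7", "OAM-7", "OAM-9"),
    "password expired":            ("OAM-10", "OAM-10", "OAM-9"),
}
MODES = ("INTERNAL", "EXTERNAL", "SECURE")


def conditions_by_code(mode, oim_integration=False):
    """Group trigger conditions by the code a client sees in the given mode."""
    col = MODES.index(mode)
    groups = defaultdict(list)
    for condition, codes in TABLE_13_3.items():
        code = codes[col]
        # Assumed reading of the table: a locked account yields OAM-9
        # in Secure mode when OIM integration is in place.
        if mode == "SECURE" and condition == "account locked" and oim_integration:
            code = "OAM-9"
        groups[code].append(condition)
    return dict(groups)


def distinguishable(mode, cond_a, cond_b, oim_integration=False):
    """True if the returned code alone tells cond_a apart from cond_b."""
    groups = conditions_by_code(mode, oim_integration)
    code_of = {c: code for code, conds in groups.items() for c in conds}
    return code_of[cond_a] != code_of[cond_b]


def uniquely_identified(mode, oim_integration=False):
    """Conditions whose code maps back to exactly one trigger condition."""
    groups = conditions_by_code(mode, oim_integration)
    return sorted(conds[0] for conds in groups.values() if len(conds) == 1)


if __name__ == "__main__":
    for mode in MODES:
        print(mode, conditions_by_code(mode))
```

In Internal and External mode the code separates a wrong password from a locked account; in Secure mode both collapse to OAM-8 unless OIM integration moves the lockout to OAM-9.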

Table 13-4 identifies the error codes, trigger conditions, and recommended messages.

See Also:

Developing Custom Error Pages in the Oracle Fusion Middleware Developer's Guide for Oracle Access Management

Table 13-4 External Error Codes, Trigger Conditions, and Recommended Messages

| External Error Code | Trigger Condition | Recommended Display Message |
|---|---|---|
| OAM-1 | Invalid login attempts less than the allowed count. | An incorrect Username or Password was specified |
| OAM-2 | Invalid login attempts less than the allowed count. | An incorrect Username or Password was specified |
| OAM-3 | Processing submitted credentials fails for some reason. For example: in WNA mode, the SPNEGO token is not received. | Internal Error. |
| OAM-4 | An authentication exception is raised for some reason. | System error. Please contact the System Administrator. |
| OAM-5 | The user account gets locked because of certain conditions (exceeded invalid attempts, for instance). OIM Integration: The Error page appears with contact details after the password is validated. | The user account is locked or disabled. Please contact the System Administrator. |
| OAM-5 | The user account gets locked because of certain conditions (exceeded invalid attempts, for instance). OID Without OIM Integration: The Error page appears with contact details after the password is validated. | The user account is locked or disabled. Please contact the System Administrator. |
| OAM-5 | The user account is disabled. | The user account is locked or disabled. Please contact the System Administrator. |
| OAM-6 | The user has exceeded the maximum number of allowed sessions, which is a configurable attribute. | The user has already reached the maximum allowed number of sessions. Please close one of the existing sessions before trying to login again. |
| OAM-7 | Failure could be due to multiple reasons; the exact reason is not propagated to the user level for security reasons. For instance: the request ID could have been lost; the certificate is not retrieved correctly. The default error message is displayed when no other specific messages are propagated up. | System error. Please re-try your action. If you continue to get this error, please contact the Administrator. |
| OAM-8 | See Table 13-3 | Authentication failed. |
| OAM-9 | System error. Please re-try your action. If you continue to get this error, please contact the Administrator. | System error. Please re-try your action. If you continue to get this error, please contact the Administrator. |
| OAM-10 | Password expired. | The password has expired. |

13.3.2 Viewing or Editing OAM Server Secure Error Modes

Users with valid Administrator credentials can view or edit Access Manager secure error mode settings for OAM Servers using the Oracle Access Management Console.

To view or edit:

  1. In the Configuration console, select Access Manager from the View menu in the Settings section.
  2. On the Access Manager Settings page, expand the Load Balancing section.
  3. Server Error Mode:
    • Modify: Choose the desired Server Error Mode for your deployment (Table 13-2 and Table 13-4).

    • View Only: Close the page when you finish.

  4. Click Apply to submit the changes (or close the page without applying changes).
  5. Dismiss the Confirmation window.
  6. Proceed to "Managing SSO Tokens and IP Validation".