Account unlocking using CURL

You must ascertain which node the user is blocked; follow the steps listed below:

1. Obtain amlbcookie from blocked-user (amlbcookie determines which OpenAM node is being used by the user), to do this, inspect the Request headers send by the client browser. Note that amlbcookie is sent in the cookie header.
2. As an OpenAM administrator, follow the instructions in the list below to determine which node is using amlbcookie:
   • Login to OpenAM as an OpenAM administrator (username: amadmin and password entered in deploy.properties/security.admin.password during installation of security bundle). From the menubar select deployment/servers, here you will find a server listing.
   • You now need to establish which server the user has been locked-out. To do this, on each server, check its amlbcookie (after clicking on the server choose Advanced and check value of the property com.iplanet.am.lbcookie.value). The property com.iplanet.am.lbcookie.value should be the same as amlbcookie.
   • By following the instructions in the points above, you can determine which OpenAM server address and port to be used in step 4 below.

   NOTE: The process listed in this step may be time-consuming, and in certain scenarios, it may be advisable to wait for the lockout time period determined in the deploy.properties file instead of carrying out this step.

curl -X PUT -H 
"iPlanetDirectoryPro: <SESSION TOKEN>" -H 
"Content-type: application/json" -d 
"{ \"sunAMAuthInvalidAttemptsData\":[] }" 
<ADDRESS>:<OPENAM PORT>/OpenAM/json/EngageOne/users/<LOCKED ACCOUNT NAME>