WrenSecurity · karelmaxa · Jul 18, 2023
diff --git a/openam-core/src/main/java/com/sun/identity/authentication/service/AMAccountLockout.java b/openam-core/src/main/java/com/sun/identity/authentication/service/AMAccountLockout.java
@@ -25,6 +25,7 @@
  * $Id: AMAccountLockout.java,v 1.10 2009/03/06 22:09:20 hengming Exp $
  *
  * Portions Copyrighted 2013-2016 ForgeRock AS.
+ * Portions Copyrighted 2023 Wren Security
  */
 package com.sun.identity.authentication.service;
 
@@ -117,14 +118,8 @@ public void invalidPasswd(String username) {
             if (!isAccountLockout.isLockoutEnabled()) {
                 DEBUG.message("Failure lockout mode disabled");
             } else {
-                String userDN;
-                AMIdentity amIdentity = null;
-                if (isAccountLockout.getStoreInvalidAttemptsInDS() || !isAccountLockout.isMemoryLocking()) {
-                    amIdentity = AuthD.getAuth().getIdentity(IdType.USER, username, loginState.getOrgDN());
-                    userDN = normalizeDN(IdentityUtils.getDN(amIdentity));
-                } else {
-                    userDN = normalizeDN(username);
-                }
+                AMIdentity amIdentity = AuthD.getAuth().getIdentity(IdType.USER, username, loginState.getOrgDN());
+                String userDN = normalizeDN(IdentityUtils.getDN(amIdentity));
                 if (acInfo == null) {
                     acInfo = isAccountLockout.getAcInfo(userDN, amIdentity);
                 }
@@ -190,13 +185,8 @@ public void resetPasswdLockout(String token, boolean resetDuration) {
             // remove the hash entry for login failure for tokenID
             String userDN = null;
             if (token != null) {
-                AMIdentity amIdentity = null;
-                if (isAccountLockout.getStoreInvalidAttemptsInDS()) {
-                    amIdentity = AuthD.getAuth().getIdentity(IdType.USER, token, loginState.getOrgDN());
-                    userDN = normalizeDN(IdentityUtils.getDN(amIdentity));
-                } else {
-                    userDN = normalizeDN(token);
-                }
+                AMIdentity amIdentity = AuthD.getAuth().getIdentity(IdType.USER, token, loginState.getOrgDN());
+                userDN = normalizeDN(IdentityUtils.getDN(amIdentity));
 
                 if (acInfo == null) {
                     acInfo = isAccountLockout.getAcInfo(userDN, amIdentity);
@@ -260,14 +250,8 @@ public boolean isLockedOut(String userName) {
     private boolean isMemoryLockout(String aUserName) {
         boolean locked = false;
         try {
-            String userDN;
-            AMIdentity amIdentity = null;
-            if (isAccountLockout.getStoreInvalidAttemptsInDS()) {
-                amIdentity = AuthD.getAuth().getIdentity(IdType.USER, aUserName, loginState.getOrgDN());
-                userDN = normalizeDN(IdentityUtils.getDN(amIdentity));
-            } else {
-                userDN = aUserName;
-            }
+            AMIdentity amIdentity = AuthD.getAuth().getIdentity(IdType.USER, aUserName, loginState.getOrgDN());
+            String userDN = normalizeDN(IdentityUtils.getDN(amIdentity));
 
             if (acInfo == null) {
                 acInfo = isAccountLockout.getAcInfo(userDN, amIdentity);
@@ -306,10 +290,7 @@ public boolean isAccountLocked(String aUserName) {
         boolean locked = false;
         try {
             AMIdentity amIdentity = AuthD.getAuth().getIdentity(IdType.USER, aUserName, loginState.getOrgDN());
-            String userDN = normalizeDN(aUserName);
-            if (isAccountLockout.getStoreInvalidAttemptsInDS()) {
-                userDN = normalizeDN(IdentityUtils.getDN(amIdentity));
-            }
+            String userDN = normalizeDN(IdentityUtils.getDN(amIdentity));
             if (acInfo == null) {
                 acInfo = isAccountLockout.getAcInfo(userDN, amIdentity);
             }