How to debug a BLTH In Identity Manager


Article ID: 262327


Products

CA Identity Suite

Issue/Introduction

We have a task configured in IDM, "MFA OTP Lock & Unlock". When a user enters 5 wrong OTPs, it should, based on the ReadPasswordBlob.properties file and the BLTH, set the user's disabled state to 2 and lock their account for 1 hour.

When the user enters 5 incorrect OTPs, their disabled state is successfully changed to 2. However, when they try to log back in before 1 hour has passed, their account is re-enabled and the disabled state is changed back to 0.

Also, when a user enters an incorrect password more than 3 times, their disabled state is likewise changed to 2. However, in this case their account is locked for 1 hour and they are not able to log back in before that.

We are attaching a snippet of the log from executing the MFA OTP Lock & Unlock task.

 

Environment

Release : 14.4

Resolution

This is being provided without support and as an example only.

Broadcom support does not provide support for code customizations.

The BLTH that this case was opened for was written for 12.6. Although it works in 14.3, we cannot help with finding out why it does not work in 14.4.
Code changes between versions are common, and it is up to the customer to recode custom code as needed.

That being said, we can help with testing out our samples. As requested, I have taken the setManagerBLTH sample and added debug logging.

The steps below are for 14.4 using Java 8.

First, you must download log4j:
https://downloads.apache.org/logging/log4j/


These log4j libraries must be added to the samples lib folder:
..\CA-IM_Tools\lib

You must then edit make_sample.bat to include the log4j classes on the classpath:
%JAVAC_EXE% -classpath .;%IMS_LIB_PATH%\ims.jar;%IMS_LIB_PATH%\imsapi6.jar;%IMS_LIB_PATH%\smcrypto.jar;%IMS_LIB_PATH%\smjavasdk2.jar;%IMS_LIB_PATH%\log4j-1.2-api-2.20.0.jar -d . BLTHSetManager.java

Add this to the import section of setManagerBLTH (BLTHSetManager.java):
import org.apache.log4j.Logger;

After:
public class BLTHSetManager extends BLTHAdapter {
    
Add this line to create a logger named after the class:
private static Logger logger = Logger.getLogger(BLTHSetManager.class.getName());

Now throughout the class you can add these types of messages:
logger.error("This is the message");

Example:

        // The next line has been added for debug log testing
        logger.error("We are now trying to set the string managerUniqueName");

        String managerUniqueName = blthContext.getAdminUniqueName();

        // The next line has been added for debug log testing
        logger.error("We have set the managerUniqueName to: " + managerUniqueName);


You can also add on-screen messages, as described here:
https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/identity-manager/14-4/programming/programming-guide-for-java/business-logic-task-handler-api/custom-messages-for-the-business-logic-task-handler-api/custom-message-example.html


To deploy the class:
https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/identity-manager/14-4/programming/programming-guide-for-java/compiling-and-deploying/deploying-run-time-files.html


To add to the IME:
https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/identity-manager/14-4/programming/programming-guide-for-java/business-logic-task-handler-api/configuring-business-logic-task-handlers.html

I used the Task-Specific for this sample:
com.ca.identitymanager.samples.BLTHSetManager


setManagerBLTH extended example code:
/*
* Copyright (C) 2009, CA. All rights reserved.
*
* CA makes no representations concerning either the merchantability of this 
* software or the suitability of this software for any particular purpose. 
* It is provided "as is" without express or implied warranty of any kind.
*/

package com.ca.identitymanager.samples;

import com.netegrity.imapi.BLTHAdapter;
import com.netegrity.imapi.BLTHContext;
import com.netegrity.ims.exception.IMSException;

import org.apache.log4j.Logger;


/**
 *  This is an example of Business Logic Task Handler (BLTH)
 *  that sets manager attribute to the unique name
 *  of the administrator that executes the task Create User.
 */

public class BLTHSetManager extends BLTHAdapter {
    
    // added for proper logging in JBoss
    private static Logger logger = Logger.getLogger(BLTHSetManager.class.getName());
    
    public void handleSetSubject(BLTHContext blthContext) throws Exception {
        // get current administrator name
        // The next line has been added for debug log testing
        logger.error("We are now trying to set the string managerUniqueName");
        
        String managerUniqueName = blthContext.getAdminUniqueName();

        // The next line has been added for debug log testing        
        logger.error("We have set the managerUniqueName to: " + managerUniqueName);
        
    
        if (managerUniqueName == null) {
            // The next line has been added for debug log testing
            logger.error("We have Failed to set the managerUniqueName it is null");
        
            // this message will be presented on the screen
            IMSException imsEx = new IMSException();
            imsEx.addUserMessage("Failed to get administrator unique name");
            throw imsEx;
        }
        try {
            // The next line has been added for debug log testing
            logger.error("We have a value in managerUniqueName, now setting the screenfiled context of the user's manager attribute to that value");

            // Setting RDB specific attribute
            // Attribute name "tblUsers.manager" may have a different name in other directories,
            // for example: for LDAP it will be "manager"
            // Changed at time of test: imManagerId is the physical name of the manager attribute in the user directory.xml
            blthContext.getUser().setAttribute("imManagerId", managerUniqueName);

            logger.error("We have set the screenfiled context of the user's manager attribute to the value present in the string managerUniqueName");

        } catch (Exception ex) {
            // The next line has been added for debug log testing;
            // passing ex as the second argument also writes the stack trace to the log
            logger.error("We have FAILED to set the screenfiled context of the user's manager attribute to the value present in the string managerUniqueName", ex);

            // this message will be presented on the screen
            IMSException imsEx = new IMSException();
            imsEx.addUserMessage("Failed to set admin unique name. " + ex.getMessage());
            throw imsEx;
        }
        logger.error("We have set the user's manager and are now exiting the BLTH");
    }
}

 


This now produces the following messages in the application server log:

2023-03-20 11:24:27,353 ERROR [com.ca.identitymanager.samples.BLTHSetManager] (default task-2) We are now trying to set the string managerUniqueName
2023-03-20 11:24:27,354 ERROR [com.ca.identitymanager.samples.BLTHSetManager] (default task-2) We have set the managerUniqueName to: uid=imadmin,ou=people,ou=im,ou=ca,o=com
2023-03-20 11:24:27,354 ERROR [com.ca.identitymanager.samples.BLTHSetManager] (default task-2) We have a value in managerUniqueName, now setting the screenfiled context of the user's manager attribute to that value
2023-03-20 11:24:27,354 ERROR [com.ca.identitymanager.samples.BLTHSetManager] (default task-2) We have set the screenfiled context of the user's manager attribute to the value present in the string managerUniqueName
2023-03-20 11:24:27,354 ERROR [com.ca.identitymanager.samples.BLTHSetManager] (default task-2) We have set the user's manager and are now exiting the BLTH
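Once the handler logs every step, the server log can be checked for runs that started but never reached the final message. The script below is an added example, not part of the Broadcom sample: it assumes the log line layout shown above, and the "default task-9" run and the org.example line in its sample input are constructed.

```python
import re

# Layout of the server log lines shown above:
# <date> <time>,<ms> <LEVEL> [<logger>] (<thread>) <message>
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}) +(?P<level>[A-Z]+) +"
    r"\[(?P<logger>[^\]]+)\] \((?P<thread>[^)]+)\) (?P<msg>.*)$"
)
BLTH_LOGGER = "com.ca.identitymanager.samples.BLTHSetManager"
START = "We are now trying to set the string managerUniqueName"
END = "We have set the user's manager and are now exiting the BLTH"

def trace_blth_runs(lines, logger_name=BLTH_LOGGER):
    """Split the handler's messages into runs per thread; report whether
    each run reached END and which step was logged last."""
    open_runs, runs = {}, []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or m["logger"] != logger_name:
            continue  # other components, stack-trace continuation lines
        thread, msg = m["thread"], m["msg"]
        if msg == START:
            if thread in open_runs:  # previous run on this thread never hit END
                runs.append(open_runs.pop(thread))
            open_runs[thread] = {"thread": thread, "started": m["ts"],
                                 "steps": [], "completed": False}
        run = open_runs.get(thread)
        if run is None:
            continue  # message seen without its START (e.g. log rotated)
        run["steps"].append(msg)
        if msg == END:
            run["completed"] = True
            runs.append(open_runs.pop(thread))
    return runs + list(open_runs.values())

# Sample input: the "default task-2" lines are abridged from the log above; the
# "default task-9" lines and the org.example line are constructed for this example.
P = "ERROR [com.ca.identitymanager.samples.BLTHSetManager]"
SAMPLE = [
    f"2023-03-20 11:24:27,353 {P} (default task-2) {START}",
    f"2023-03-20 11:24:27,354 {P} (default task-2) We have set the managerUniqueName to: uid=imadmin,ou=people,ou=im,ou=ca,o=com",
    "2023-03-20 11:24:27,354 INFO  [org.example.other] (default task-2) unrelated line",
    f"2023-03-20 11:24:27,354 {P} (default task-2) {END}",
    f"2023-03-20 11:25:02,118 {P} (default task-9) {START}",
    f"2023-03-20 11:25:02,118 {P} (default task-9) We have set the managerUniqueName to: null",
    f"2023-03-20 11:25:02,119 {P} (default task-9) We have Failed to set the managerUniqueName it is null",
]

if __name__ == "__main__":
    for r in trace_blth_runs(SAMPLE):
        state = "completed" if r["completed"] else "STOPPED after: " + r["steps"][-1]
        print(r["started"], r["thread"], state)
```

For a custom BLTH, set BLTH_LOGGER, START and END to that handler's class name and its own first and last log messages.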