Custom Authenticator Strike Count Not Incrementing After Upgrade to IDSP 3.4.2

Article ID: 434538


Products

Symantec Identity Security Platform - IDSP (formerly VIP Authentication Hub)

Issue/Introduction

After upgrading IDSP to version 3.4.2 from an older version, a user's strike count may fail to increment in the database (T_USER table) following a failed authentication attempt through a Custom Authenticator (Custom SPI). This issue typically affects existing Custom Providers that were configured before the upgrade.

Technical indicators include:

  • Authentication failure is confirmed in the application logs.
  • lastLoginFailureDateTime and STRIKE_COUNT in the T_USER table remain unchanged despite failures.
  • Note: This behavior is not observed in fresh installations of IDSP 3.4.2, where Custom Providers are created with all current attributes initialized.

Environment

Product: Symantec Identity Security Platform (IDSP) / VIP Authentication Hub
Version: 3.4.2

Cause

The skipUserStrikeCountIncrement feature was first introduced in IDSP version 3.4.2 (see the IDSP Release Notes 3.4.2).

During an upgrade from a version prior to 3.4.2, existing Custom Provider configurations do not automatically include or initialize this new field. In version 3.4.2, if this field is missing (null) from the stored provider configuration, the system logic fails to increment the strike count.

Resolution

This issue is natively resolved in IDSP version 4.0, where the handling of Custom Provider attributes has been standardized to ensure correct default values regardless of upgrade path.

Workaround for IDSP 3.4.2 Upgrades

For environments upgraded to version 3.4.2, the field must be manually initialized for existing Custom Providers via the Administrative APIs:

1. Identify Affected Provider: Locate the providerId for the Custom Provider that was in use prior to the upgrade.

2. Execute PUT Update: Perform an Administrative API PUT call to update the Custom Provider configuration.

3. Explicitly Set Parameter: Include the following attribute in the request body and set it to false:
       "skipUserStrikeCountIncrement": false

4. Verification: Confirm that failed authentication attempts now correctly increment the STRIKE_COUNT in the T_USER table.
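
As a pre-check for steps 1 to 3, the following added example (not Broadcom code) scans exported Custom Provider configurations for a missing or null skipUserStrikeCountIncrement and prepares the corrected request body for each. The JSON shape, the "name" attribute and the sample provider IDs are constructed assumptions; only providerId and skipUserStrikeCountIncrement come from this article, and the Administrative API endpoint is deliberately left out because the article does not give it.

```python
import copy
import json

FIELD = "skipUserStrikeCountIncrement"  # attribute name from the article

# Constructed sample data: the export shape and all values are assumptions.
SAMPLE_PROVIDERS = [
    {"providerId": "example-legacy-1", "name": "Legacy SPI"},               # field absent
    {"providerId": "example-legacy-2", "name": "Legacy SPI 2", FIELD: None},  # field null
    {"providerId": "example-new-1", "name": "New SPI", FIELD: False},       # already set
    {"providerId": "example-optout-1", "name": "Opt-out SPI", FIELD: True}, # deliberate opt-out
]


def needs_initialization(provider):
    """True when the field is absent or null, the state the article ties to the issue."""
    return provider.get(FIELD) is None


def build_put_body(provider):
    """Copy the stored configuration and set the field explicitly to false."""
    body = copy.deepcopy(provider)  # never mutate the exported record
    body[FIELD] = False
    return body


def plan_updates(providers):
    """Return {providerId: PUT body} for every provider that needs the workaround."""
    plan = {}
    for provider in providers:
        value = provider.get(FIELD)
        # A non-boolean value (for example the string "false") is a different
        # misconfiguration; stop so it gets reviewed instead of overwritten.
        if value is not None and not isinstance(value, bool):
            raise ValueError(f"{provider.get('providerId')}: {FIELD} is not a boolean")
        if needs_initialization(provider):
            plan[provider["providerId"]] = build_put_body(provider)
    return plan


if __name__ == "__main__":
    for provider_id, body in plan_updates(SAMPLE_PROVIDERS).items():
        print(provider_id, json.dumps(body))
```

Providers that already carry an explicit true or false are left out of the plan, so a deliberate opt-out is not silently reverted.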