Login with Form Fill or Identity Injection can fail when all of the following conditions occur:
Your user store is configured to use Novell® SecretStore®.
The shared secrets needed for Form Fill or Identity Injection are locked because the shared secrets are used by another application that is using the enhanced security feature. For example, if the application writes a secret called ssn, and you use that same secret in a Form Fill or Identity Injection policy, that secret is locked whenever the admin changes the user’s password. Access Manager does not use the enhanced security feature when it writes shared secrets.
The new unlock feature for SecretStore can resolve this issue. See NetIQ Access Manager 3.1 SP5 Identity Server Guide.