Closing based on UCT production experience

Also need to invalidate the user cache as that also maps this data:

if (rv.size() > 0)
{
String eid = (String) rv.get(0);
cache.put(new Element(IDCACHE+eid,id));
cache.put(new Element(EIDCACHE+id,eid));
return eid;
}
cache.put(new Element(EIDCACHE+id,null));

I think the issue here is the authentication cache:

// the evidence id must match a defined User
User user = userDirectoryService().authenticate(evidence.getIdentifier(), evidence.getPassword());
if (user == null)
{
authenticationCache().putAuthenticationFailure(evidence.getIdentifier(), evidence.getPassword());
throw new AuthenticationException("Invalid Login: Either user not found or password incorrect.");
}

Basically an observer should invalidate that entry on a user.add event . It would seem the solution would be a listener in UserAuthnComponent that invalidated these entries in that case

I am unassigning this issue as it gives the wrong impression. I dont have enough hours in the day to look at this issue at the moment and keeping it assigned to me give the reporter hope that I might be able to look at it. I am very sorry. If this issue is a real blocker for production then I would suggest you look for resource in the community to fix the problem, I am happy to respond to emails and guide. Where the code base is Rwiki or Search, I have absolutely no problem with someone else working on the code, this after all is a community.

Still unresolved as far as I'm aware.