This is more for 12.0.x since
OPENAM-10056 has fixed the reasons to be printed in audit log for 13.5.x or 14.x.
1. Enable account lock feature
2. Fail to login for pre-configured lock time until user is locked out.
2. Execute the REST call to authenticate the locked user with correct credentials.
3. Rest response is "User Account is locked"
4. But audit log writes "Login Failed" generic message.
13.5.x and 14.x