diff --git a/service/security/shiro/src/main/java/org/eclipse/kapua/service/authentication/shiro/realm/ApiKeyAuthenticatingRealm.java b/service/security/shiro/src/main/java/org/eclipse/kapua/service/authentication/shiro/realm/ApiKeyAuthenticatingRealm.java
index 4a2a129c5aa..27ebd98f960 100644
--- a/service/security/shiro/src/main/java/org/eclipse/kapua/service/authentication/shiro/realm/ApiKeyAuthenticatingRealm.java
+++ b/service/security/shiro/src/main/java/org/eclipse/kapua/service/authentication/shiro/realm/ApiKeyAuthenticatingRealm.java
@@ -173,7 +173,7 @@ protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authent
         // Check if lockout policy is blocking credential
         Map<String, Object> credentialServiceConfig;
         try {
-            credentialServiceConfig = KapuaSecurityUtils.doPrivileged(() -> credentialService.getConfigValues(account.getScopeId()));
+            credentialServiceConfig = KapuaSecurityUtils.doPrivileged(() -> credentialService.getConfigValues(account.getId()));
             boolean lockoutPolicyEnabled = (boolean) credentialServiceConfig.get("lockoutPolicy.enabled");
             if (lockoutPolicyEnabled) {
                 Date now = new Date();
@@ -240,6 +240,7 @@ protected void assertCredentialsMatch(AuthenticationToken authcToken, Authentica
         Credential credential = (Credential) kapuaInfo.getCredentials();
         credential.setFirstLoginFailure(null);
         credential.setLoginFailuresReset(null);
+        credential.setLockoutReset(null);
         credential.setLoginFailures(0);
         try {
             KapuaSecurityUtils.doPrivileged(() -> credentialService.update(credential));
diff --git a/service/security/shiro/src/main/java/org/eclipse/kapua/service/authentication/shiro/realm/UserPassAuthenticatingRealm.java b/service/security/shiro/src/main/java/org/eclipse/kapua/service/authentication/shiro/realm/UserPassAuthenticatingRealm.java
index ec260331e41..bcb7caaf3d0 100644
--- a/service/security/shiro/src/main/java/org/eclipse/kapua/service/authentication/shiro/realm/UserPassAuthenticatingRealm.java
+++ b/service/security/shiro/src/main/java/org/eclipse/kapua/service/authentication/shiro/realm/UserPassAuthenticatingRealm.java
@@ -178,7 +178,7 @@ protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authent
         // Check if lockout policy is blocking credential
         Map<String, Object> credentialServiceConfig;
         try {
-            credentialServiceConfig = KapuaSecurityUtils.doPrivileged(() -> credentialService.getConfigValues(account.getScopeId()));
+            credentialServiceConfig = KapuaSecurityUtils.doPrivileged(() -> credentialService.getConfigValues(account.getId()));
             boolean lockoutPolicyEnabled = (boolean) credentialServiceConfig.get("lockoutPolicy.enabled");
             if (lockoutPolicyEnabled) {
                 Date now = new Date();
@@ -245,6 +245,7 @@ protected void assertCredentialsMatch(AuthenticationToken authcToken, Authentica
         Credential credential = (Credential) kapuaInfo.getCredentials();
         credential.setFirstLoginFailure(null);
         credential.setLoginFailuresReset(null);
+        credential.setLockoutReset(null);
         credential.setLoginFailures(0);
         try {
             KapuaSecurityUtils.doPrivileged(() -> credentialService.update(credential));