Hi Isura, I have encountered the same problem in IS 5.3.0 as well. The user account gets locked after 3 failed attempts, but gets unlocked after 5 minutes, whereas I need the account to be unlocked by the admin.
Here are the configuration values I have set in identity-event.properties.

account.lock.handler.enable=true
account.lock.handler.login.fail.timeout.ratio=2
account.lock.handler.On.Failure.Max.Attempts=3
account.lock.handler.Time=5

I have also tried after setting below properties to 0, without any luck.

- account.lock.handler.Time in identity-event.properties (Also tried after changing the respective property in mgt. console).
- Authentication.Policy.Account.Lock.Time in identity-event.properties.

Thanks,

On Thu, Feb 22, 2018 at 6:15 PM Harsha Thirimanna <[email protected]> wrote:

> On Thu, Feb 22, 2018 at 2:55 PM, Isura Karunaratne <[email protected]> wrote:
>
>> Hi Isuru,
>>
>> On Thu, Feb 22, 2018 at 2:26 PM, Isuru Uyanage <[email protected]> wrote:
>>
>>> Hi All,
>>>
>>> I tried the steps included in doc [1]. As it describes, after 5 invalid login attempts, the particular user account gets locked. After 5 minutes, as per the config, once user tries to log in with correct credentials, he is able to log in and the account gets unlocked.
>>>
>>> As per doc[2] step 6, it says if Authentication.Policy.Account.Lock.Time is not equal to zero only above process happens. If it is 0, then the admin user needs to unlock the user account through Management Console or through Admin Services. [3]
>>>
>>> When a user gets self signed up, the role which that user gets assigned is *Internal/selfsignup* and permission given is login only. But even if above value is 0, selfsignup user can get his account unlocked after the specified time. Admin user does not need to do it through the Management Console.
>>>
>>> Therefore, what is the actual purpose of Authentication.Policy.Account.Lock.Time property in <IS_HOME>/repository/conf/identity/identity-mgt.properties file?
>>>
>>
>> This doc needs to be corrected. It should be account.lock.handler.Time in identity.xml. But, file based configurations applied for super tenant at the first server startup only.
>>
>
> @Isura,
>
> Is this from IS 5.5.0 onward only ?
>
>>
>> Ideally, the self signup users should be unlocked based on unlock time configurations.
>>
>> Regards,
>> Isura.
>>
>> That need
>>
>>>
>>> Is above information in the doc[2] and doc[3] not valid for self-signup users?
>>>
>>> [1] - https://docs.wso2.com/display/IS550/Self+Sign+Up+and+Account+Confirmation#SelfSignUpandAccountConfirmation-Tryoutselfsignup
>>> [2] - https://docs.wso2.com/display/IS550/Account+Locking+by+Failed+Login+Attempts
>>> [3] - https://docs.wso2.com/display/IS550/Locking+a+Specific+User+Account
>>>
>>> Any thoughts are appreciated.
>>>
>>> *Thanks and Best Regards,*
>>>
>>> *Isuru Uyanage*
>>> *Software Engineer - QA | WSO2*
>>> *Mobile : +94 77 55 30752*
>>> *LinkedIn: https://www.linkedin.com/in/isuru-uyanage/*
>>>
>>
>> --
>>
>> *Isura Dilhara Karunaratne*
>> Associate Technical Lead | WSO2
>> Email: [email protected]
>> Mob : +94 772 254 810
>> Blog : http://isurad.blogspot.com/
>>
> _______________________________________________
> Dev mailing list
> [email protected]
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>

--
*Gayan Kaushalya Yalpathwala*
Senior Software Engineer
WSO2 Inc.; http://wso2.com
lean.enterprise.middleware
LK: +94 71 868 2704
US: (408) 386-7521
