On Tue, Jul 3, 2018 at 11:26 AM Gayan Yalpathwala <[email protected]> wrote:
> Hi Isura, > > I have encountered the same problem in IS 5.3.0 as well. The user account > gets locked after 3 failed attempts, but gets unlocked after 5 minutes, > whereas I need the account to be unlocked by the admin. > > Here are the configuration values I have set in identity-event.properties. > > account.lock.handler.enable=true > account.lock.handler.login.fail.timeout.ratio=2 > account.lock.handler.On.Failure.Max.Attempts=3 > account.lock.handler.Time=5 > > I have also tried after setting below properties to 0, without any luck. > > - account.lock.handler.Time in identity-event.properties (Also tried > after changing the respective property in mgt. console). > > When this value is set to 0, account status is shown as locked in user profile, although it gets unlocked right away after a success login. > > - Authentication.Policy.Account.Lock.Time in identity-event.properties. > > Sorry, I meant identity-mgt.properties* here. > Thanks, > > > > On Thu, Feb 22, 2018 at 6:15 PM Harsha Thirimanna <[email protected]> > wrote: > >> >> >> On Thu, Feb 22, 2018 at 2:55 PM, Isura Karunaratne <[email protected]> >> wrote: >> >>> Hi Isuru, >>> >>> >>> >>> On Thu, Feb 22, 2018 at 2:26 PM, Isuru Uyanage <[email protected]> wrote: >>> >>>> Hi All, >>>> >>>> I tried the steps included in doc [1]. As it describes, after 5 invalid >>>> login attempts, the particular user account gets locked. After 5 minutes, >>>> as per the config, once user tries to log in with correct credentials, he >>>> is able to log in and the account gets unlocked. >>>> >>>> As per doc[2] step 6, it says if >>>> Authentication.Policy.Account.Lock.Time is not equal to zero only >>>> above process happens. If it is 0, then the admin user needs to unlock the >>>> user account through Management Console or through Admin Services. [3] >>>> >>>> When a user gets self signed up, the role which that user gets assigned >>>> is *Internal/selfsignup* and permission given is login only. But even >>>> if above value is 0, selfsignup user can get his account unlocked after the >>>> specified time. Admin user does not need to do it through the Management >>>> Console. >>>> >>>> Therefore, what is the actual purpose of >>>> Authentication.Policy.Account.Lock.Time >>>> property in <IS_HOME>/repository/conf/identity/identity-mgt.properties >>>> file? >>>> >>> >>> This doc needs to be corrected. It should be account.lock.handler.Time >>> in identity.xml. But, file based configuratoins applied for super tenant at >>> the first server startup only. >>> >> >> @Isura, >> >> Is this from IS 5.5.0 onward only ? >> >> >> >>> >>> Ideally, the self signup users should be unlocked based on unlock time >>> configurations. >>> >>> Regads, >>> Isura. >>> >>> That need >>> >>>> >>>> Is above information in the doc[2] and doc[3] not valid for >>>> self-signup users? >>>> >>>> [1] - >>>> https://docs.wso2.com/display/IS550/Self+Sign+Up+and+Account+Confirmation#SelfSignUpandAccountConfirmation-Tryoutselfsignup >>>> [2] - >>>> https://docs.wso2.com/display/IS550/Account+Locking+by+Failed+Login+Attempts >>>> [3] - >>>> https://docs.wso2.com/display/IS550/Locking+a+Specific+User+Account >>>> >>>> >>>> Any thoughts are appreciated. >>>> >>>> >>>> *Thanks and Best Regards,* >>>> >>>> *Isuru Uyanage* >>>> *Software Engineer - QA | WSO2* >>>> *Mobile : **+94 77 <+94%2077%20767%201807> 55 30752* >>>> *LinkedIn: **https://www.linkedin.com/in/isuru-uyanage/ >>>> <https://www.linkedin.com/in/isuru-uyanage/>* >>>> >>>> >>>> >>>> >>> >>> >>> -- >>> >>> *Isura Dilhara Karunaratne* >>> Associate Technical Lead | WSO2 >>> Email: [email protected] >>> Mob : +94 772 254 810 <+94%2077%20225%204810> >>> Blog : http://isurad.blogspot.com/ >>> >>> >>> >>> >> _______________________________________________ >> Dev mailing list >> [email protected] >> http://wso2.org/cgi-bin/mailman/listinfo/dev >> > > > -- > *Gayan Kaushalya Yalpathwala* > Senior Software Engineer > WSO2 Inc.; http://wso2.com > lean.enterprise.middleware > > LK: +94 71 868 2704 > US: (408) 386-7521 > > <https://wso2.com/events/> > -- *Gayan Kaushalya Yalpathwala* Senior Software Engineer WSO2 Inc.; http://wso2.com lean.enterprise.middleware LK: +94 71 868 2704 US: (408) 386-7521 <https://wso2.com/events/>
_______________________________________________ Dev mailing list [email protected] http://wso2.org/cgi-bin/mailman/listinfo/dev
