Hi all,
According to the C5 Identity Mangement implementation [1], it throws AuthenticationFailure exception for invalid credentials and due to that, POST_AUTHENTICATION event will *not* be triggered. It is required to trigger POST_AUTHENTICATION event for authentication failure scenarios as well. For example, it is required to increment user failed login count in account lock feature. I think AuthenticationContext[2] class should have the authentication status and it should be returned instead of AuthenticationFailure exception in authentication failed scenarios. WDYT ? [1] https://github.com/wso2/carbon-identity-mgt/blob/master/components/org.wso2.carbon.identity.mgt/src/main/java/org/wso2/carbon/identity/mgt/impl/IdentityStoreImpl.java#L1381 [2] https://github.com/wso2/carbon-identity-mgt/blob/master/components/org.wso2.carbon.identity.mgt/src/main/java/org/wso2/carbon/identity/mgt/AuthenticationContext.java#L22-22 Thanks *Isura Dilhara Karunaratne* Senior Software Engineer | WSO2 Email: [email protected] Mob : +94 772 254 810 Blog : http://isurad.blogspot.com/
_______________________________________________ Architecture mailing list [email protected] https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
