Hi All,

I tried the steps included in doc [1]. As it describes, after 5 invalid
login attempts, the particular user account gets locked. After 5 minutes,
as per the config, once the user tries to log in with correct credentials, he
is able to log in and the account gets unlocked.

As per doc [2] step 6, the above process happens only if
Authentication.Policy.Account.Lock.Time is not equal to zero. If it is 0,
then the admin user needs to unlock the user account through the Management
Console or through Admin Services. [3]

When a user gets self-signed up, the role which that user gets assigned is
*Internal/selfsignup* and the permission given is login only. But even if the
above value is 0, a selfsignup user can get his account unlocked after the
specified time. The admin user does not need to do it through the Management
Console.

Therefore, what is the actual purpose of the
Authentication.Policy.Account.Lock.Time
property in the <IS_HOME>/repository/conf/identity/identity-mgt.properties
file?

Is the above information in doc [2] and doc [3] not valid for
self-signup users?

[1] -
https://docs.wso2.com/display/IS550/Self+Sign+Up+and+Account+Confirmation#SelfSignUpandAccountConfirmation-Tryoutselfsignup
[2] -
https://docs.wso2.com/display/IS550/Account+Locking+by+Failed+Login+Attempts
[3] - https://docs.wso2.com/display/IS550/Locking+a+Specific+User+Account


Any thoughts are appreciated.


*Thanks and Best Regards,*

*Isuru Uyanage*
*Software Engineer - QA | WSO2*
*Mobile : +94 77 55 30752*
*LinkedIn: https://www.linkedin.com/in/isuru-uyanage/*
_______________________________________________
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev