Hi All, I tried the steps included in doc . As it describes, after 5 invalid login attempts, the particular user account gets locked. After 5 minutes, as per the config, once user tries to log in with correct credentials, he is able to log in and the account gets unlocked.
As per doc step 6, it says if Authentication.Policy.Account.Lock.Time is not equal to zero only above process happens. If it is 0, then the admin user needs to unlock the user account through Management Console or through Admin Services.  When a user gets self signed up, the role which that user gets assigned is *Internal/selfsignup* and permission given is login only. But even if above value is 0, selfsignup user can get his account unlocked after the specified time. Admin user does not need to do it through the Management Console. Therefore, what is the actual purpose of Authentication.Policy.Account.Lock.Time property in <IS_HOME>/repository/conf/identity/identity-mgt.properties file? Is above information in the doc and doc not valid for self-signup users?  - https://docs.wso2.com/display/IS550/Self+Sign+Up+and+Account+Confirmation#SelfSignUpandAccountConfirmation-Tryoutselfsignup  - https://docs.wso2.com/display/IS550/Account+Locking+by+Failed+Login+Attempts  - https://docs.wso2.com/display/IS550/Locking+a+Specific+User+Account Any thoughts are appreciated. *Thanks and Best Regards,* *Isuru Uyanage* *Software Engineer - QA | WSO2* *Mobile : **+94 77 <+94%2077%20767%201807> 55 30752* *LinkedIn: **https://www.linkedin.com/in/isuru-uyanage/ <https://www.linkedin.com/in/isuru-uyanage/>*
_______________________________________________ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev