Hi Isura,

thanks for the reply. Created an issue for that.
https://github.com/wso2/product-is/issues/2590


Thanks
Isuru

*Thanks and Best Regards,*

*Isuru Uyanage*
*Software Engineer - QA | WSO2*
*Mobile : **+94 77 <+94%2077%20767%201807> 55 30752*
*LinkedIn: **https://www.linkedin.com/in/isuru-uyanage/
<https://www.linkedin.com/in/isuru-uyanage/>*




On Thu, Feb 22, 2018 at 2:55 PM, Isura Karunaratne <is...@wso2.com> wrote:

> Hi Isuru,
>
>
>
> On Thu, Feb 22, 2018 at 2:26 PM, Isuru Uyanage <isur...@wso2.com> wrote:
>
>> Hi All,
>>
>> I tried the steps included in doc [1]. As it describes, after 5 invalid
>> login attempts, the particular user account gets locked. After 5 minutes,
>> as per the config, once user tries to log in with correct credentials, he
>> is able to log in and the account gets unlocked.
>>
>> As per doc[2] step 6, it says if Authentication.Policy.Account.Lock.Time is
>> not equal to zero only above process happens. If it is 0, then the admin
>> user needs to unlock the user account through Management Console or through
>> Admin Services. [3]
>>
>> When a user gets self signed up, the role which that user gets assigned
>> is  *Internal/selfsignup* and permission given is login only. But even
>> if above value is 0, selfsignup user can get his account unlocked after the
>> specified time. Admin user does not need to do it through the Management
>> Console.
>>
>> Therefore, what is the actual purpose of 
>> Authentication.Policy.Account.Lock.Time
>> property  in <IS_HOME>/repository/conf/identity/identity-mgt.properties
>> file?
>>
>
> This doc needs to be corrected.  It should be account.lock.handler.Time in
> identity.xml. But, file based configuratoins applied for super tenant at
> the first server startup only.
>
> Ideally, the self signup users should be unlocked based on unlock time
> configurations.
>
> Regads,
> Isura.
>
> That need
>
>>
>> Is above information in the doc[2] and doc[3] not valid for
>> self-signup users?
>>
>> [1] - https://docs.wso2.com/display/IS550/Self+Sign+Up+and+
>> Account+Confirmation#SelfSignUpandAccountConfirmation-Tryoutselfsignup
>> [2] - https://docs.wso2.com/display/IS550/Account+Locking+by+
>> Failed+Login+Attempts
>> [3] - https://docs.wso2.com/display/IS550/Locking+a+Specific+User+Account
>>
>>
>> Any thoughts are appreciated.
>>
>>
>> *Thanks and Best Regards,*
>>
>> *Isuru Uyanage*
>> *Software Engineer - QA | WSO2*
>> *Mobile : **+94 77 <+94%2077%20767%201807> 55 30752*
>> *LinkedIn: **https://www.linkedin.com/in/isuru-uyanage/
>> <https://www.linkedin.com/in/isuru-uyanage/>*
>>
>>
>>
>>
>
>
> --
>
> *Isura Dilhara Karunaratne*
> Associate Technical Lead | WSO2
> Email: is...@wso2.com
> Mob : +94 772 254 810 <+94%2077%20225%204810>
> Blog : http://isurad.blogspot.com/
>
>
>
>
_______________________________________________
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Reply via email to