Re: [Dev] Clarification on user account unlock - self signup users

2018-07-02 Thread Gayan Yalpathwala
On Tue, Jul 3, 2018 at 11:26 AM Gayan Yalpathwala  wrote:

> Hi Isura,
>
> I have encountered the same problem in IS 5.3.0 as well. The user account
> gets locked after 3 failed attempts, but gets unlocked after 5 minutes,
> whereas I need the account to be unlocked by the admin.
>
> Here are the configuration values I have set in identity-event.properties.
>
> account.lock.handler.enable=true
> account.lock.handler.login.fail.timeout.ratio=2
> account.lock.handler.On.Failure.Max.Attempts=3
> account.lock.handler.Time=5
>
> I have also tried after setting below properties to 0, without any luck.
>
>    - account.lock.handler.Time in identity-event.properties (Also tried
>    after changing the respective property in mgt. console).
>

When this value is set to 0, account status is shown as locked in user
profile, although it gets unlocked right away after a successful login.

>
>    - Authentication.Policy.Account.Lock.Time in identity-event.properties.
>

Sorry, I meant identity-mgt.properties* here.

> Thanks,
>
>
>
> On Thu, Feb 22, 2018 at 6:15 PM Harsha Thirimanna 
> wrote:
>
>>
>>
>> On Thu, Feb 22, 2018 at 2:55 PM, Isura Karunaratne 
>> wrote:
>>
>>> Hi Isuru,
>>>
>>>
>>>
>>> On Thu, Feb 22, 2018 at 2:26 PM, Isuru Uyanage  wrote:
>>>
>>>> Hi All,
>>>>
>>>> I tried the steps included in doc [1]. As it describes, after 5 invalid
>>>> login attempts, the particular user account gets locked. After 5 minutes,
>>>> as per the config, once user tries to log in with correct credentials, he
>>>> is able to log in and the account gets unlocked.
>>>>
>>>> As per doc[2] step 6, it says if
>>>> Authentication.Policy.Account.Lock.Time is not equal to zero only
>>>> above process happens. If it is 0, then the admin user needs to unlock the
>>>> user account through Management Console or through Admin Services. [3]
>>>>
>>>> When a user gets self signed up, the role which that user gets assigned
>>>> is *Internal/selfsignup* and permission given is login only. But even
>>>> if above value is 0, selfsignup user can get his account unlocked after the
>>>> specified time. Admin user does not need to do it through the Management
>>>> Console.
>>>>
>>>> Therefore, what is the actual purpose of
>>>> Authentication.Policy.Account.Lock.Time
>>>> property in /repository/conf/identity/identity-mgt.properties
>>>> file?
>>>>
>>>
>>> This doc needs to be corrected.  It should be account.lock.handler.Time
>>> in identity.xml. But, file based configurations are applied for super tenant at
>>> the first server startup only.
>>>
>>
>> @Isura,
>>
>> Is this from IS 5.5.0 onward only?
>>
>>
>>
>>>
>>> Ideally, the self signup users should be unlocked based on unlock time
>>> configurations.
>>>
>>> Regards,
>>> Isura.
>>>
>>> That need
>>>

>>>> Is above information in the doc[2] and doc[3] not valid for
>>>> self-signup users?
>>>>
>>>> [1] -
>>>> https://docs.wso2.com/display/IS550/Self+Sign+Up+and+Account+Confirmation#SelfSignUpandAccountConfirmation-Tryoutselfsignup
>>>> [2] -
>>>> https://docs.wso2.com/display/IS550/Account+Locking+by+Failed+Login+Attempts
>>>> [3] -
>>>> https://docs.wso2.com/display/IS550/Locking+a+Specific+User+Account
>>>>
>>>>
>>>> Any thoughts are appreciated.
>>>>
>>>>
>>>> *Thanks and Best Regards,*
>>>>
>>>> *Isuru Uyanage*
>>>> *Software Engineer - QA | WSO2*
>>>> *Mobile : **+94 77 <+94%2077%20767%201807> 55 30752*
>>>> *LinkedIn: **https://www.linkedin.com/in/isuru-uyanage/
>>>> *
>>>>
>>>>
>>>>
>>>>
>>>
>>>
>>> --
>>>
>>> *Isura Dilhara Karunaratne*
>>> Associate Technical Lead | WSO2
>>> Email: is...@wso2.com
>>> Mob : +94 772 254 810
>>> Blog : http://isurad.blogspot.com/
>>>
>>>
>>>
>>>
>> ___
>> Dev mailing list
>> Dev@wso2.org
>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>
>
>
> --
> *Gayan Kaushalya Yalpathwala*
> Senior Software Engineer
> WSO2 Inc.; http://wso2.com
> lean.enterprise.middleware
>
> LK: +94 71 868 2704
> US: (408) 386-7521
>
> 
>


-- 
*Gayan Kaushalya Yalpathwala*
Senior Software Engineer
WSO2 Inc.; http://wso2.com
lean.enterprise.middleware

LK: +94 71 868 2704
US: (408) 386-7521




Re: [Dev] Clarification on user account unlock - self signup users

2018-07-02 Thread Gayan Yalpathwala
Hi Isura,

I have encountered the same problem in IS 5.3.0 as well. The user account
gets locked after 3 failed attempts, but gets unlocked after 5 minutes,
whereas I need the account to be unlocked by the admin.

Here are the configuration values I have set in identity-event.properties.

account.lock.handler.enable=true
account.lock.handler.login.fail.timeout.ratio=2
account.lock.handler.On.Failure.Max.Attempts=3
account.lock.handler.Time=5

I have also tried after setting below properties to 0, without any luck.

   - account.lock.handler.Time in identity-event.properties (Also tried
   after changing the respective property in mgt. console).
   - Authentication.Policy.Account.Lock.Time in identity-event.properties.

Thanks,



On Thu, Feb 22, 2018 at 6:15 PM Harsha Thirimanna  wrote:

>
>
> On Thu, Feb 22, 2018 at 2:55 PM, Isura Karunaratne  wrote:
>
>> Hi Isuru,
>>
>>
>>
>> On Thu, Feb 22, 2018 at 2:26 PM, Isuru Uyanage  wrote:
>>
>>> Hi All,
>>>
>>> I tried the steps included in doc [1]. As it describes, after 5 invalid
>>> login attempts, the particular user account gets locked. After 5 minutes,
>>> as per the config, once user tries to log in with correct credentials, he
>>> is able to log in and the account gets unlocked.
>>>
>>> As per doc[2] step 6, it says if
>>> Authentication.Policy.Account.Lock.Time is not equal to zero only above
>>> process happens. If it is 0, then the admin user needs to unlock the user
>>> account through Management Console or through Admin Services. [3]
>>>
>>> When a user gets self signed up, the role which that user gets assigned
>>> is  *Internal/selfsignup* and permission given is login only. But even
>>> if above value is 0, selfsignup user can get his account unlocked after the
>>> specified time. Admin user does not need to do it through the Management
>>> Console.
>>>
>>> Therefore, what is the actual purpose of 
>>> Authentication.Policy.Account.Lock.Time
>>> property  in /repository/conf/identity/identity-mgt.properties
>>> file?
>>>
>>
>> This doc needs to be corrected.  It should be account.lock.handler.Time
>> in identity.xml. But, file based configurations are applied for super tenant at
>> the first server startup only.
>>
>
> @Isura,
>
> Is this from IS 5.5.0 onward only?
>
>
>
>>
>> Ideally, the self signup users should be unlocked based on unlock time
>> configurations.
>>
>> Regards,
>> Isura.
>>
>> That need
>>
>>>
>>> Is above information in the doc[2] and doc[3] not valid for
>>> self-signup users?
>>>
>>> [1] -
>>> https://docs.wso2.com/display/IS550/Self+Sign+Up+and+Account+Confirmation#SelfSignUpandAccountConfirmation-Tryoutselfsignup
>>> [2] -
>>> https://docs.wso2.com/display/IS550/Account+Locking+by+Failed+Login+Attempts
>>> [3] -
>>> https://docs.wso2.com/display/IS550/Locking+a+Specific+User+Account
>>>
>>>
>>> Any thoughts are appreciated.
>>>
>>>
>>> *Thanks and Best Regards,*
>>>
>>> *Isuru Uyanage*
>>> *Software Engineer - QA | WSO2*
>>> *Mobile : **+94 77 <+94%2077%20767%201807> 55 30752*
>>> *LinkedIn: **https://www.linkedin.com/in/isuru-uyanage/
>>> *
>>>
>>>
>>>
>>>
>>
>>
>> --
>>
>> *Isura Dilhara Karunaratne*
>> Associate Technical Lead | WSO2
>> Email: is...@wso2.com
>> Mob : +94 772 254 810
>> Blog : http://isurad.blogspot.com/
>>
>>
>>
>>
>


-- 
*Gayan Kaushalya Yalpathwala*
Senior Software Engineer
WSO2 Inc.; http://wso2.com
lean.enterprise.middleware

LK: +94 71 868 2704
US: (408) 386-7521




Re: [Dev] Clarification on user account unlock - self signup users

2018-02-22 Thread Harsha Thirimanna
On Thu, Feb 22, 2018 at 2:55 PM, Isura Karunaratne  wrote:

> Hi Isuru,
>
>
>
> On Thu, Feb 22, 2018 at 2:26 PM, Isuru Uyanage  wrote:
>
>> Hi All,
>>
>> I tried the steps included in doc [1]. As it describes, after 5 invalid
>> login attempts, the particular user account gets locked. After 5 minutes,
>> as per the config, once user tries to log in with correct credentials, he
>> is able to log in and the account gets unlocked.
>>
>> As per doc[2] step 6, it says if Authentication.Policy.Account.Lock.Time is
>> not equal to zero only above process happens. If it is 0, then the admin
>> user needs to unlock the user account through Management Console or through
>> Admin Services. [3]
>>
>> When a user gets self signed up, the role which that user gets assigned
>> is  *Internal/selfsignup* and permission given is login only. But even
>> if above value is 0, selfsignup user can get his account unlocked after the
>> specified time. Admin user does not need to do it through the Management
>> Console.
>>
>> Therefore, what is the actual purpose of 
>> Authentication.Policy.Account.Lock.Time
>> property  in /repository/conf/identity/identity-mgt.properties
>> file?
>>
>
> This doc needs to be corrected.  It should be account.lock.handler.Time in
> identity.xml. But, file based configurations are applied for super tenant at
> the first server startup only.
>

@Isura,

Is this from IS 5.5.0 onward only?



>
> Ideally, the self signup users should be unlocked based on unlock time
> configurations.
>
> Regards,
> Isura.
>
> That need
>
>>
>> Is above information in the doc[2] and doc[3] not valid for
>> self-signup users?
>>
>> [1] - https://docs.wso2.com/display/IS550/Self+Sign+Up+and+Account+Confirmation#SelfSignUpandAccountConfirmation-Tryoutselfsignup
>> [2] - https://docs.wso2.com/display/IS550/Account+Locking+by+Failed+Login+Attempts
>> [3] - https://docs.wso2.com/display/IS550/Locking+a+Specific+User+Account
>>
>>
>> Any thoughts are appreciated.
>>
>>
>> *Thanks and Best Regards,*
>>
>> *Isuru Uyanage*
>> *Software Engineer - QA | WSO2*
>> *Mobile : **+94 77 <+94%2077%20767%201807> 55 30752*
>> *LinkedIn: **https://www.linkedin.com/in/isuru-uyanage/
>> *
>>
>>
>>
>>
>
>
> --
>
> *Isura Dilhara Karunaratne*
> Associate Technical Lead | WSO2
> Email: is...@wso2.com
> Mob : +94 772 254 810
> Blog : http://isurad.blogspot.com/
>
>
>
>


Re: [Dev] Clarification on user account unlock - self signup users

2018-02-22 Thread Isuru Uyanage
Hi Isura,

thanks for the reply. Created an issue for that.
https://github.com/wso2/product-is/issues/2590


Thanks
Isuru

*Thanks and Best Regards,*

*Isuru Uyanage*
*Software Engineer - QA | WSO2*
*Mobile : **+94 77 <+94%2077%20767%201807> 55 30752*
*LinkedIn: **https://www.linkedin.com/in/isuru-uyanage/
*




On Thu, Feb 22, 2018 at 2:55 PM, Isura Karunaratne  wrote:

> Hi Isuru,
>
>
>
> On Thu, Feb 22, 2018 at 2:26 PM, Isuru Uyanage  wrote:
>
>> Hi All,
>>
>> I tried the steps included in doc [1]. As it describes, after 5 invalid
>> login attempts, the particular user account gets locked. After 5 minutes,
>> as per the config, once user tries to log in with correct credentials, he
>> is able to log in and the account gets unlocked.
>>
>> As per doc[2] step 6, it says if Authentication.Policy.Account.Lock.Time is
>> not equal to zero only above process happens. If it is 0, then the admin
>> user needs to unlock the user account through Management Console or through
>> Admin Services. [3]
>>
>> When a user gets self signed up, the role which that user gets assigned
>> is  *Internal/selfsignup* and permission given is login only. But even
>> if above value is 0, selfsignup user can get his account unlocked after the
>> specified time. Admin user does not need to do it through the Management
>> Console.
>>
>> Therefore, what is the actual purpose of 
>> Authentication.Policy.Account.Lock.Time
>> property  in /repository/conf/identity/identity-mgt.properties
>> file?
>>
>
> This doc needs to be corrected.  It should be account.lock.handler.Time in
> identity.xml. But, file based configurations are applied for super tenant at
> the first server startup only.
>
> Ideally, the self signup users should be unlocked based on unlock time
> configurations.
>
> Regards,
> Isura.
>
> That need
>
>>
>> Is above information in the doc[2] and doc[3] not valid for
>> self-signup users?
>>
>> [1] - https://docs.wso2.com/display/IS550/Self+Sign+Up+and+Account+Confirmation#SelfSignUpandAccountConfirmation-Tryoutselfsignup
>> [2] - https://docs.wso2.com/display/IS550/Account+Locking+by+Failed+Login+Attempts
>> [3] - https://docs.wso2.com/display/IS550/Locking+a+Specific+User+Account
>>
>>
>> Any thoughts are appreciated.
>>
>>
>> *Thanks and Best Regards,*
>>
>> *Isuru Uyanage*
>> *Software Engineer - QA | WSO2*
>> *Mobile : **+94 77 <+94%2077%20767%201807> 55 30752*
>> *LinkedIn: **https://www.linkedin.com/in/isuru-uyanage/
>> *
>>
>>
>>
>>
>
>
> --
>
> *Isura Dilhara Karunaratne*
> Associate Technical Lead | WSO2
> Email: is...@wso2.com
> Mob : +94 772 254 810
> Blog : http://isurad.blogspot.com/
>
>
>
>


Re: [Dev] Clarification on user account unlock - self signup users

2018-02-22 Thread Isura Karunaratne
Hi Isuru,



On Thu, Feb 22, 2018 at 2:26 PM, Isuru Uyanage  wrote:

> Hi All,
>
> I tried the steps included in doc [1]. As it describes, after 5 invalid
> login attempts, the particular user account gets locked. After 5 minutes,
> as per the config, once user tries to log in with correct credentials, he
> is able to log in and the account gets unlocked.
>
> As per doc[2] step 6, it says if Authentication.Policy.Account.Lock.Time is
> not equal to zero only above process happens. If it is 0, then the admin
> user needs to unlock the user account through Management Console or through
> Admin Services. [3]
>
> When a user gets self signed up, the role which that user gets assigned is
>  *Internal/selfsignup* and permission given is login only. But even if
> above value is 0, selfsignup user can get his account unlocked after the
> specified time. Admin user does not need to do it through the Management
> Console.
>
> Therefore, what is the actual purpose of 
> Authentication.Policy.Account.Lock.Time
> property  in /repository/conf/identity/identity-mgt.properties
> file?
>

This doc needs to be corrected.  It should be account.lock.handler.Time in
identity.xml. But, file based configurations are applied for super tenant at
the first server startup only.

Ideally, the self signup users should be unlocked based on unlock time
configurations.

Regards,
Isura.

That need

>
> Is above information in the doc[2] and doc[3] not valid for
> self-signup users?
>
> [1] - https://docs.wso2.com/display/IS550/Self+Sign+Up+and+Account+Confirmation#SelfSignUpandAccountConfirmation-Tryoutselfsignup
> [2] - https://docs.wso2.com/display/IS550/Account+Locking+by+Failed+Login+Attempts
> [3] - https://docs.wso2.com/display/IS550/Locking+a+Specific+User+Account
>
>
> Any thoughts are appreciated.
>
>
> *Thanks and Best Regards,*
>
> *Isuru Uyanage*
> *Software Engineer - QA | WSO2*
> *Mobile : **+94 77 <+94%2077%20767%201807> 55 30752*
> *LinkedIn: **https://www.linkedin.com/in/isuru-uyanage/
> *
>
>
>
>


-- 

*Isura Dilhara Karunaratne*
Associate Technical Lead | WSO2
Email: is...@wso2.com
Mob : +94 772 254 810
Blog : http://isurad.blogspot.com/


[Dev] Clarification on user account unlock - self signup users

2018-02-22 Thread Isuru Uyanage
Hi All,

I tried the steps included in doc [1]. As it describes, after 5 invalid
login attempts, the particular user account gets locked. After 5 minutes,
as per the config, once user tries to log in with correct credentials, he
is able to log in and the account gets unlocked.

As per doc[2] step 6, it says if Authentication.Policy.Account.Lock.Time is
not equal to zero only above process happens. If it is 0, then the admin
user needs to unlock the user account through Management Console or through
Admin Services. [3]

When a user gets self signed up, the role which that user gets assigned is
*Internal/selfsignup* and permission given is login only. But even if above
value is 0, selfsignup user can get his account unlocked after the
specified time. Admin user does not need to do it through the Management
Console.

Therefore, what is the actual purpose of
Authentication.Policy.Account.Lock.Time
property  in /repository/conf/identity/identity-mgt.properties
file?

Is above information in the doc[2] and doc[3] not valid for
self-signup users?

[1] -
https://docs.wso2.com/display/IS550/Self+Sign+Up+and+Account+Confirmation#SelfSignUpandAccountConfirmation-Tryoutselfsignup
[2] -
https://docs.wso2.com/display/IS550/Account+Locking+by+Failed+Login+Attempts
[3] - https://docs.wso2.com/display/IS550/Locking+a+Specific+User+Account


Any thoughts are appreciated.


*Thanks and Best Regards,*

*Isuru Uyanage*
*Software Engineer - QA | WSO2*
*Mobile : **+94 77 <+94%2077%20767%201807> 55 30752*
*LinkedIn: **https://www.linkedin.com/in/isuru-uyanage/
*