On 12/03/2015 21:31, John Ellinwood wrote:
> Hi,
> How do I set up Apache Syncope so that a user's account is
> automatically unlocked after X minutes since their last failed login
> attempt? Where X is configurable.
> I've already set the Global Account Policy's Maximum number of
> subsequent failed logins value.
> I see that the user details in Syncope have a "Subsequent Failed
> Logins" field, but I don't see any field for Last Failed Login Date.
> Do I have to set up a custom task for this somehow?

Hi John,
temporary account lockout is not supported.
By setting the "Global Account Policy's Maximum number of subsequent
failed logins" you are in fact defining a *permanent* account lockout.
As suggested above, you currently need to set up a scheduled task for
unlocking users some time after they were locked as per this mechanism.
Unfortunately, there is no field for "Last Failed Login Date" and you'd
need to manage this information in your own project: this would require
you to (1) define a read-only user Date schema and (2) define and
configure a subclass of [1] with the purpose of maintaining user attributes
for such new schema.
AFAICT there is room for an improvement: could you please file an issue
on JIRA? It needs to be targeted to 2.0.0 at least (no 1.2.X) because it
will introduce some changes at database schema level (mainly because the
new "Last Failed Login Date" needs to be managed properly and not as
a user schema, as suggested instead for the temporary workaround described
above).
Regards.
[1] https://github.com/apache/syncope/blob/1_2_X/core/src/main/java/org/apache/syncope/core/security/SyncopeAuthenticationProvider.java
--
Francesco Chicchiriccò
Tirasa - Open Source Excellence
http://www.tirasa.net/
Involved at The Apache Software Foundation:
member, Syncope PMC chair, Cocoon PMC, Olingo PMC
http://people.apache.org/~ilgrosso/
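
The workaround described in the reply, modelled as an added example that is not part of the original message and is not Syncope code: a failed-login hook records the last failure time, and a scheduled sweep unlocks accounts once X minutes have passed. Every class and method name is hypothetical, the in-memory map stands in for the read-only Date schema, and Java 8's `java.time` is assumed.

```java
import java.time.Duration;
import java.time.Instant;
import java.util.*;

// Hypothetical stand-alone model of the workaround; no name here is a Syncope class.
public class TemporaryLockout {
    // Per-user state, including the "last failed login date" that has no built-in field.
    static final class State {
        int failedLogins;
        Instant lastFailedLogin;
        boolean suspended;
    }
    private final Map<String, State> users = new HashMap<>();
    private final int maxFailedLogins;   // the account policy's maximum
    private final Duration unlockAfter;  // the configurable "X minutes"
    TemporaryLockout(int maxFailedLogins, Duration unlockAfter) {
        this.maxFailedLogins = maxFailedLogins;
        this.unlockAfter = unlockAfter;
    }

    // What the authentication hook records on each failed login.
    synchronized void onFailedLogin(String user, Instant now) {
        State s = users.computeIfAbsent(user, k -> new State());
        s.failedLogins++;
        s.lastFailedLogin = now;
        // Assumption: suspend once the counter reaches the maximum.
        s.suspended = s.suspended || s.failedLogins >= maxFailedLogins;
    }

    // Body of the scheduled task: unlock users whose last failure is at least X old.
    synchronized List<String> unlockExpired(Instant now) {
        List<String> unlocked = new ArrayList<>();
        users.forEach((name, s) -> {
            if (s.suspended && !s.lastFailedLogin.plus(unlockAfter).isAfter(now)) {
                s.suspended = false;
                s.failedLogins = 0;  // otherwise the next single failure re-locks
                unlocked.add(name);
            }
        });
        return unlocked;
    }

    public static void main(String[] args) {
        Instant t0 = Instant.parse("2015-03-12T21:00:00Z");  // constructed sample times
        TemporaryLockout lockout = new TemporaryLockout(3, Duration.ofMinutes(15));
        for (int i = 0; i < 3; i++) lockout.onFailedLogin("jdoe", t0.plusSeconds(i));
        System.out.println(lockout.unlockExpired(t0.plus(Duration.ofMinutes(10))));
        System.out.println(lockout.unlockExpired(t0.plus(Duration.ofMinutes(16))));
    }
}
```

Because the window is measured from the last failed attempt, failures recorded while an account is suspended extend the lockout in this model.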