Ok. I see how to update the scheme and add the "last failed login date", or even "account suspension date" field. How do I populate those fields when the login failure happens? Do I use some kind of notifier? Or modify a workflow?
Could you point me in the right direction or to some examples of documentation? I've spent quite a bit of time googling and reading the Syncope documentation. I just need a little help with this part. Sent from my iPhone > On Mar 13, 2015, at 4:24 AM, Francesco Chicchiriccò <[email protected]> > wrote: > >> On 12/03/2015 21:31, John Ellinwood wrote: >> Hi, >> How do I setup Apache Syncope so that a user's account is automatically >> unlocked after X minutes since their last failed login attempt? Where X is >> configurable. >> >> I've already set the Global Account Policy's Maximum number of subsequent >> failed logins value. >> >> I see that the user details in Syncope have a "Subsequent Failed Logins" >> field, but I don't see any field for Last Failed Login Date. Do I have to >> setup a custom task for this somehow? >> > Hi John, > temporary account lockout is not supported. > > By setting the "Global Account Policy's Maximum number of subsequent failed > logins" you are in fact defining a *permanent* account lockout. > > As suggested above, you currently need to setup a scheduled task for > unlocking users after some time they were locked as per this mechanism. > Unfortunately, there is no field for "Last Failed Login Date" and you'd need > to manage this information in your own project: this would require you to (1) > define a read-only user Date schema and (2) define and configure a subclass > of [1] with purpose of maintaining user attributes for such new schema. > > AFAICT there is room for an improvement: could you please file an issue on > JIRA? It needs to be targeted to 2.0.0 at least (no 1.2.X) because it will > introduce some changes at database schema level (mainly because the new "Last > Failed Login Date" needs to be managed properly and not as user schema as > instead suggested for the temporary workaround described above). > > Regards. > > [1] > https://github.com/apache/syncope/blob/1_2_X/core/src/main/java/org/apache/syncope/core/security/SyncopeAuthenticationProvider.java > -- > Francesco Chicchiriccò > > Tirasa - Open Source Excellence > http://www.tirasa.net/ > > Involved at The Apache Software Foundation: > member, Syncope PMC chair, Cocoon PMC, Olingo PMC > http://people.apache.org/~ilgrosso/
