Failed login attempts? | Community
Skip to main content
lisalin
October 16, 2015
Solved

Failed login attempts?

  • October 16, 2015
  • 3 replies
  • 2266 views

Does anyone know if AEM can lock the user account after certain failed login attempts?  It seems that we can brute force attack against user accounts with OOTB setting?

Best answer by smacdonald2008

Correct- this is not a documented feature and it not part of the out of the AEM demo - aka Geometrixx. We recently had an Ask the AEM community experts session on secure AEM web sites.

Although it did not talk about locking out users - it will point you in the right direction about using Sling and different login modules you can create. 

https://communities.adobe.com/en/communities/aem_technologistsdevelopersarchitects/resources.html

Your use case would require custom logic to lock an account after x number of failed login attempts. 

Also - i have not even seen a community article on this subject. This also suggests this is not an out of the box feature. 

3 replies

smacdonald2008
Level 10
October 16, 2015

You may want to look at writing a custom login module. Also - read this AEM documentation:

http://docs.adobe.com/docs/en/cq/5-6-1/administering/security.html

lisalin
lisalinAuthor
October 16, 2015

Thanks for the quick reply!

I have checked the doc and can't find the info.  Does it mean it's not supported by AEM OOTB?

smacdonald2008
smacdonald2008Accepted solution
Level 10
October 16, 2015

Correct- this is not a documented feature and it not part of the out of the AEM demo - aka Geometrixx. We recently had an Ask the AEM community experts session on secure AEM web sites.

Although it did not talk about locking out users - it will point you in the right direction about using Sling and different login modules you can create. 

https://communities.adobe.com/en/communities/aem_technologistsdevelopersarchitects/resources.html

Your use case would require custom logic to lock an account after x number of failed login attempts. 

Also - i have not even seen a community article on this subject. This also suggests this is not an out of the box feature.