AEM 6.5.4 -
I was looking for a guide/sample on user password management. Found references to 6.1 and even 5.x versions, some no longer available. Is there something more current?
1. Configuring the user password policy
   a. Max age allowed for a password
   b. How many characters
   c. Password complexity rules
   d. How often you can repeat your password
   e. Disable user after x number of failed tries
   ....
2. Through servlets/models, have back-end functions that will be called from our own site pages
   a. Forgot my UserID
   b. Forgot my password
   c. Validate complexity and the updated password
   d. Reset password
   e. Unlock user account
   ....
Some additional comments for others
1. Password complexity: "Apache Jackrabbit Oak AuthorizableActionProvider" (https://jackrabbit.apache.org/oak/docs/security/user/authorizableaction.html) (http://www.sgaemsolutions.com/2019/10/how-to-set-password-policy-for-aem-users.html?m=1)
2. For AEM Forms on JEE there is a feature to disable a user after x number of failed login tries (plus a second parameter to unlock the account automatically after y number of minutes).
This feature was also requested before for AEM on OSGi, see: AEM Account Lockout feature request (https://experienceleaguecommunities.adobe.com/t5/adobe-experience-cloud-ideas/aem-account-lockout-fe....
@Mayank_Gandhi: Any update on the status of this?
As a solution:
There is a suggestion to overwrite the /libs/granite/core/components/login/login.jsp to add a counter to the user account. See AEM Account lock feature (https://experienceleaguecommunities.adobe.com/t5/adobe-experience-manager/aem-account-lock-feature/t...)
You can then combine this with the "rep:disabled" node under a user account to disable the user after x failed tries and either force the user to reset his/her password or write a scheduled job to find and enable these accounts again after x minutes.
To add on, I came across this example that overrides the /j_security_check. We can look at this and adjust it accordingly to implement our failed user count. Will try to do this in the coming days.
https://helpx.adobe.com/experience-manager/using/twofactor64.html
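The counter plus "rep:disabled" approach described in the replies above, as an added example that is not code from the original posts or from Adobe. It uses the Jackrabbit user API (`org.apache.jackrabbit.api.security.user`); the class name, the two property names, the threshold and the lock window are hypothetical, and the session is assumed to be a service session with write access to users and the one the `UserManager` was obtained from.

```java
import java.util.Calendar;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.jcr.Value;
import org.apache.jackrabbit.api.security.user.Authorizable;
import org.apache.jackrabbit.api.security.user.User;
import org.apache.jackrabbit.api.security.user.UserManager;

/** Hypothetical helper: failed-login counter plus timed unlock on top of rep:disabled. */
public final class LoginLockout {
    static final String COUNT = "failedLoginCount";        // hypothetical property name
    static final String LOCKED_AT = "lockedAt";            // hypothetical property name
    static final String REASON = "too many failed logins"; // marks locks set by this class
    static final int MAX_FAILURES = 5;                     // the "x" failed tries (assumed value)
    static final long LOCK_MILLIS = 15 * 60 * 1000L;       // the "x minutes" (assumed value)
    /** Call from the login overlay when authentication fails for userId. */
    public static void recordFailure(UserManager um, Session session, String userId) throws RepositoryException {
        Authorizable a = um.getAuthorizable(userId);
        if (a == null || a.isGroup()) return;              // unknown id: nothing to count
        User user = (User) a;
        if (user.isDisabled()) return;                     // already locked or admin-disabled
        Value[] v = user.getProperty(COUNT);
        long failures = (v == null || v.length == 0 ? 0 : v[0].getLong()) + 1;
        user.setProperty(COUNT, session.getValueFactory().createValue(failures));
        if (failures >= MAX_FAILURES) {
            user.setProperty(LOCKED_AT, session.getValueFactory().createValue(Calendar.getInstance()));
            user.disable(REASON);                          // writes rep:disabled on the user
        }
        session.save();
    }
    /** Call after a successful login so old failures do not accumulate. */
    public static void recordSuccess(User user, Session session) throws RepositoryException {
        if (user.removeProperty(COUNT)) session.save();
    }
    /** Call from the scheduled job for each disabled user; returns true if re-enabled. */
    public static boolean unlockIfExpired(User user, Session session) throws RepositoryException {
        // Never re-enable accounts an administrator disabled for another reason.
        if (!user.isDisabled() || !REASON.equals(user.getDisabledReason())) return false;
        Value[] at = user.getProperty(LOCKED_AT);
        if (at == null || at.length == 0) return false;
        long lockedFor = System.currentTimeMillis() - at[0].getDate().getTimeInMillis();
        if (lockedFor < LOCK_MILLIS) return false;
        user.disable(null);                                // a null reason re-enables the user
        user.removeProperty(COUNT);
        user.removeProperty(LOCKED_AT);
        session.save();
        return true;
    }
}
```

A counter-based lock lets anyone who knows a user id lock that account by submitting wrong passwords, so the threshold and the unlock window should be chosen with that in mind.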