Expand my Community achievements bar.

Guidelines for the Responsible Use of Generative AI in the Experience Cloud Community.

Local user lockdown for 6 Password try fails for 30 minutes

Avatar

Level 1

5/27/21

Request for Feature Enhancement (RFE) Summary:  
Use-case: Local user lockdown for 6 Password try fails for 30 minutes
Current/Experienced Behavior: No such OOBT feature 
Improved/Expected Behavior: Local user lockdown for 6 Password try fails for 30 minutes
Environment Details (AEM version/service pack, any other specifics if applicable): All AEM/AMS instances
Customer-name/Organization name: Canadiantire Corp
Screenshot (if applicable):  
Code package (if applicable):  
7 Comments

Avatar

Employee Advisor

6/15/21

Hello @czhang1970 

Thanks for proposing this enhancement

Could you please elaborate on what would be the business case to have such a lock mechanism added in the product?

 

Status changed to: Needs Info

Avatar

Level 1

6/15/21

Canadian Tire has such password policy for all the systems. e.g. We have VPN credential for each employee. If the error pwd is entered 3 times. We lockdown this account for 30 minutes. This will reduce the workload for helpdesk to unlock the account and protect the password being breached.

 

We would need the same functions provided by AEM for local accounts. The federated accounts are fine since the authentication will happen in CTC side.

Avatar

Employee Advisor

6/24/21

Hello @czhang1970 

Thanks for the information provided

After information taken, having such a process in place could represent some security risk where accounts could be frozen using Denial Of Service

As you are mentioning that Federated accounts are fine, are you using AEM Cloud service?
In which case, the admin user password is generated during the environment creation, and having local users is not recommended, hence this should not be a problem here.

 

Status changed to: Needs Info

Avatar

Level 1

9/28/21

Hi @kautuk_sahni 

 

We still need to have several local accounts --

 

e.g. ctcadmin besides OOBT "admin" account, impoteraccount for service push data to authoring instance using basic authentication.

 

In this case, is this lockout feature is required for security enhancement. Is this feature request feasible? If yes, when will we expect it go with new SP?

 

Thanks

 

Charlie

 

Avatar

Employee Advisor

10/19/21

Hi @czhang1970 

Unfortunately as I mentioned in my previous comment, this request will not be considered by the engineering team due to the security concerns shared

Status changed to: Declined