Account locking after n number of invalid attempts AEM.

sahilw46733527
Level 2

11-02-2019

Account locking after n number of invalid attempts AEM, any pointers for this implementation

Replies

PuzanovsP
MVP

12-02-2019

Dear Sahil,

Thanks for asking this question.

If you are planning to rely on OOTB Apache Sling, Brilliant Framework! Then you need to listen on the org.apache.sling.auth.core.AuthConstants.TOPIC_LOGIN_FAILED event and implement a failed login throttling solution, as per your needs, e.g. count the number of failures in an hour and, if more than x, lock the account.

APIs as per Sling exist, it just needs your tailoring to make it fit for your requirements.

Regards,

Peter

sahilw46733527
Level 2

13-02-2019

Hi Peter,

I couldn't find the TOPIC_LOGIN_FAILED event for Auth Constants AuthConstants ("The Adobe AEM Quickstart and Web Application."). Kindly confirm if I'm going in the right direction?

PuzanovsP
MVP

13-02-2019

Hey Sahil,

You need a newer Sling code/AEM version.

As per [SLING-7939] SlingAuthenticator should post an event for login failures - ASF JIRA, your exact issue got resolved in Auth Core 1.4.4.

"The login failure events would be useful for the implementation of a failed login throttling solution to prevent brute force dictionary attacks against sling to guess user passwords.  An unlimited number of failed logins should not be allowed, but we need some way to gather the information to thwart it."

Regards,

Peter
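
The throttling described in the two replies above, as an added example that is not code from this thread or from the Sling project: an OSGi event handler subscribed to TOPIC_LOGIN_FAILED that counts failures per user over a one-hour sliding window and disables the account through the Jackrabbit user API. The class name, the limit of 5, the "login-throttle" service-user mapping and reading the user ID from the "userid" event property are assumptions.

```java
import java.util.*;
import java.util.concurrent.ConcurrentHashMap;
import javax.jcr.Session;
import org.apache.jackrabbit.api.JackrabbitSession;
import org.apache.jackrabbit.api.security.user.*;
import org.apache.sling.api.SlingConstants;
import org.apache.sling.api.resource.*;
import org.apache.sling.auth.core.AuthConstants;
import org.osgi.service.component.annotations.*;
import org.osgi.service.event.*;

@Component(service = EventHandler.class,
        property = EventConstants.EVENT_TOPIC + "=" + AuthConstants.TOPIC_LOGIN_FAILED)
public class FailedLoginThrottle implements EventHandler {
    static final int MAX_FAILURES = 5;          // the "x" from the reply; value is an assumption
    static final long WINDOW_MS = 3_600_000L;   // "number of failures in an hour"
    private final Map<String, Deque<Long>> failures = new ConcurrentHashMap<>();
    @Reference private ResourceResolverFactory resolverFactory;
    @Override
    public void handleEvent(Event event) {
        // Assumption: the event carries the attempted user ID under "userid".
        Object userId = event.getProperty(SlingConstants.PROPERTY_USERID);
        if (userId instanceof String && overLimit((String) userId, System.currentTimeMillis())) {
            disable((String) userId);
        }
    }
    // Sliding window: records one failure, returns true once the user exceeds MAX_FAILURES.
    boolean overLimit(String userId, long now) {
        Deque<Long> times = failures.computeIfAbsent(userId, k -> new ArrayDeque<>());
        synchronized (times) { // events may be delivered on several threads
            times.removeIf(t -> t < now - WINDOW_MS); // forget failures older than the window
            times.addLast(now);
            return times.size() > MAX_FAILURES;
        }
    }
    private void disable(String userId) {
        // "login-throttle" is a hypothetical service-user mapping allowed to edit users.
        Map<String, Object> auth = Collections.singletonMap(ResourceResolverFactory.SUBSERVICE, "login-throttle");
        try (ResourceResolver resolver = resolverFactory.getServiceResourceResolver(auth)) {
            JackrabbitSession session = (JackrabbitSession) resolver.adaptTo(Session.class);
            Authorizable a = session.getUserManager().getAuthorizable(userId);
            if (a instanceof User && !((User) a).isDisabled()) { // unknown IDs and groups are skipped
                ((User) a).disable("Too many failed logins");    // stays disabled until re-enabled
                session.save();
            }
        } catch (Exception e) { // LoginException, RepositoryException, or no JCR session
            throw new IllegalStateException("Could not disable " + userId, e);
        }
    }
}
```

The counters live in memory on one instance, are keyed by whatever user ID was attempted, and reset on restart, so a clustered setup needs shared state and a size bound on the map. Since anyone who knows a user ID can trigger failures for it, a timed unlock or an alert may suit some accounts better than a permanent disable.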

Jörg_Hoh
Employee

13-02-2019

I would recommend you use a proper Identity Management tool, which should be able to handle such requirements with ease. AEM has authentication features, but blocking accounts after a number of unsuccessful tries... it's doable, but you get it for free on other tools. And there is good documentation on how SSO can be enabled on AEM.

Jörg