Level 2

AEM Account lock feature

Forum|Forum|6 years ago
August 2, 2019
3 replies
5365 views

Hello,

I am looking for feature that exactly mentioned in the following idea(AEM Account Lockout feature request ).

Would like to track the failed attempts.
Once failed attempt limit reached, lock the account for certain time.
If possible, manual unlock process for locked accounts ?

How can this be enabled in the login ?

Note: If it helps, the normal users are already been implemented with SSO, its only the privileged accounts who doesn't follow SSO.

Appreciate your feedback.

This post is no longer active and is closed to new replies. Need help? Start a new post to ask your question.

kautuk_sahni

Community Manager

Arun Patidar, JaideepBrar Vish.dhaliwal hamidk11679710 any thoughts here?

Kautuk Sahni

V

vish.dhaliwal

Adobe Employee

I totally agree with JaideepBrar. Log a daycare ticket and share the business requirements and use case details. Most importantly, provide the business impact.

Regards,

Vishu

U

user05162

Adobe Employee

As per my understanding, this is not available OOTB. Unless you are willing to write custom code, Please log a daycare ticket for requesting a formal enhancement request from Adobe Engineering team.

kautuk_sahni

Community Manager

One suggestion,

You can work with AEM logs,

Read: Monitoring and Maintaining Your CQ instance

Various log files are held on the file server where you installed AEM: <cq-installation-dir>/crx-quickstart/logs

access.log: All access requests to AEM WCM and the repository are registered here. Eg: Who is accessing and what resource are being accessed.
audit.log: Moderation actions are registered here. It provide record of who did what and when.
error.log: Error messages (of varying levels of severity) are registered here.
request.log: Each access request is registered here together with the response. Use to analyze/monitor response time, about how long a reqest takes.
stderr.log: Holds error messages, again of varying levels of severity, generated during startup. By default the log level is set to Warning (WARN)
stdout.log: Holds logging messages indicating events during startup. Eg: Setting sling.properties, sling.home, sling.launchpad, HTTP server port=4502 etc.
upgrade.log: Provides a log of all upgrade operations that runs from the com.day.compat.codeupgrade and com.adobe.cq.upgradesexecutor packages.

You can write custom service and can do the intended actions.

-Kautuk

Kautuk Sahni

vinayk1347926Author

Level 2

Thanks for the reply everyone.

Sure i could do little more research on how can i achieve my goal by writing a custom service code through AEM logs. And, I will also open a daycare ticket with the details in it for further resolutions.

arunpatidar

Community Advisor

Hi,

There is no OOTB solution for this but you can use below approach, just one of the suggestions

1. you can override /libs/granite/core/components/login/login.jsp

2. Check the return error message if it is type "User name and password do not match"

3. Use Subservice user to add property retry count to user e.g. /home/users/9/9KPNdPFkWv38m6MN1d5K

4. Check if user already reached limit show account lock message

5. If user successfully login remove retry property or reset

6. Create a page from where admin can remove rerty property from user to unlock account

7. Keep few users out of this like admin and others to avoid unintended lockout or create an utility to remove retry property.

Arun Patidar

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded