Highlighted

AEM Account lock feature

vinayk1347926

02-08-2019

Hello,

I am looking for feature that exactly mentioned in the following idea(AEM Account Lockout feature request ).

  • Would like to track the failed attempts.
  • Once failed attempt limit reached, lock the account for certain time.
  • If possible, manual unlock process for locked accounts ?

How can this be enabled in the login ?

Note: If it helps, the normal users are already been implemented with SSO, its only the privileged accounts who doesn't follow SSO.

Appreciate your feedback.

Replies

Highlighted

jbrar

Employee

07-08-2019

As per my understanding, this is not available OOTB. Unless you are willing to write custom code, Please log a daycare ticket for requesting a formal enhancement request from Adobe Engineering team.

Highlighted

Vish_dhaliwal

Employee

07-08-2019

I totally agree with JaideepBrar​. Log a daycare ticket and share the business requirements and use case details. Most importantly, provide the business impact.

Regards,

Vishu

Highlighted

kautuk_sahni

Community Manager

07-08-2019

One suggestion,

You can work with AEM logs,

Read: Monitoring and Maintaining Your CQ instance

Various log files are held on the file server where you installed AEM: <cq-installation-dir>/crx-quickstart/logs

  • access.log: All access requests to AEM WCM and the repository are registered here. Eg: Who is accessing and what resource are being accessed.
  • audit.log: Moderation actions are registered here. It provide record of who did what and when.
  • error.log: Error messages (of varying levels of severity) are registered here.
  • request.log: Each access request is registered here together with the response. Use to analyze/monitor response time, about how long a reqest takes.
  • stderr.log: Holds error messages, again of varying levels of severity, generated during startup. By default the log level is set to Warning (WARN)
  • stdout.log: Holds logging messages indicating events during startup. Eg: Setting sling.properties, sling.home, sling.launchpad, HTTP server port=4502 etc.
  • upgrade.log: Provides a log of all upgrade operations that runs from the com.day.compat.codeupgrade and com.adobe.cq.upgradesexecutor packages.

You can write custom service and can do the intended actions.

-Kautuk

Highlighted

vinayk1347926

07-08-2019

Thanks for the reply everyone.

Sure i could do little more research on how can i achieve my goal by writing a custom service code through AEM logs. And, I will also open a daycare ticket with the details in it for further resolutions.

Highlighted

Arun_Patidar

MVP

08-08-2019

Hi,

There is no OOTB solution for this but you can use below approach, just one of the suggestions

1. you can override /libs/granite/core/components/login/login.jsp

2. Check the return error message if it is type "User name and password do not match"

3. Use Subservice user to add property retry count to user e.g. /home/users/9/9KPNdPFkWv38m6MN1d5K

4. Check if user already reached limit show account lock message

5. If user successfully login remove retry property or reset

6. Create a page from where admin can remove rerty property from user to unlock account

7. Keep few users out of this like admin and others to avoid unintended lockout or create an utility to remove retry property.

Highlighted

vinayk1347926

08-08-2019

Really Appreciate Anil for your suggestion. If there is nothing OOTB and needed to implement this with custom code and i would be willing to.

I am not an expert and would welcome others to pitch in if they have any other ideas. Obviously, would prefer with minimal changes with out impacting the existing workflows to minimize risks.