Expand my Community achievements bar.

AEM Lockout feature

Avatar

Level 1

Hello All,

I have a requirement I.e in the higher env's whenever someone login using local option then if he entered the incorrect credentials then the particular account should be locked for some particular time.
How to achieve this, any suggestions on this.

 

Thanks

venkat  

Topics

Topics help categorize Community content and increase your ability to discover relevant content.

8 Replies

Avatar

Level 1

Hi @sravs 
Thanks for your response, In the above-mentioned blog they are using the LDAP etc.

Is there any possibility to write post authentications servlet to do this.

Avatar

Community Advisor

@JagarlamudiVe 

There is no OOTB lockout feature available.

However if you are using Single sign on, then you can use your SSO provider functionalities to achieve it

Avatar

Community Advisor

@JagarlamudiVe Did you find the suggestions from users helpful? Please let us know if more information is required. Otherwise, please mark the answer as correct for posterity. If you have found out solution yourself, please share it with the community



Esteban Bustamante

Avatar

Employee Advisor

I would rely on a dedicated IDP, because these provide this feature ootb. 

 

Of course you can build something like this also in AEM, but it requires quite a bit of work to make it work properly.

Avatar

Community Advisor

Hi @JagarlamudiVe ,

Adobe Experience Manager (AEM) typically involves customizing the authentication mechanism to track login attempts and enforce lockout policies. Here's a high-level approach to achieve this:

  1. Custom Authentication Handler:

    • Develop a custom authentication handler or extend the existing one to intercept login attempts and track failed login attempts for each user.
  2. Track Failed Login Attempts:

    • Maintain a persistent record (e.g., in a database or a custom user property in the repository) to track failed login attempts for each user.
  3. Implement Lockout Policy:

    • Define a lockout policy specifying the maximum number of allowed failed login attempts and the lockout duration.
  4. Enforce Lockout:

    • Check the number of failed login attempts for each user during the authentication process. If the maximum threshold is exceeded, enforce the lockout policy by preventing further login attempts for a specified duration.
  5. Unlock Accounts:

    • Implement a mechanism to automatically unlock locked accounts after the lockout duration has elapsed.
  6. User Feedback:

    • Provide appropriate feedback to users during the login process, indicating when their account has been locked due to too many failed login attempts.
  7. Monitoring and Logging:

    • Implement logging and monitoring to track login attempts, lockout events, and account unlock events for auditing and troubleshooting purposes.
  8. Security Considerations:

    • Ensure that the lockout feature is implemented securely to prevent potential abuse or exploitation (e.g., by implementing rate limiting, preventing brute force attacks).
  9. Testing:

    • Thoroughly test the lockout feature in a non-production environment to ensure that it behaves as expected and does not inadvertently lock out legitimate users.
  10. Deployment:

    • Deploy the customized authentication handler and associated components to your higher environments, following your organization's deployment procedures.
  11. Documentation and Training:

    • Document the lockout feature, including how it works, any configuration options, and how to troubleshoot issues. Provide training to relevant personnel, such as administrators and support staff.

By following these steps, you can implement a lockout feature for incorrect login attempts in AEM to enhance security and protect against unauthorized access. Additionally, consider consulting with your organization's security and compliance teams to ensure that the implementation aligns with your organization's security policies and requirements.
Reference:

Avatar

Administrator

@JagarlamudiVe Did you find the suggestions from users helpful? Please let us know if more information is required. Otherwise, please mark the answer as correct for posterity. If you have found out solution yourself, please share it with the community.



Kautuk Sahni