SOLVED

Failed login attempts?

Level 1

Does anyone know if AEM can lock the user account after a certain number of failed login attempts? It seems that we can run a brute-force attack against user accounts with the OOTB settings?

1 Accepted Solution

Correct answer by
Level 10

Correct - this is not a documented feature and it is not part of the out of the box AEM demo - aka Geometrixx. We recently had an Ask the AEM community experts session on secure AEM web sites.

Although it did not talk about locking out users - it will point you in the right direction about using Sling and different login modules you can create. 

https://communities.adobe.com/en/communities/aem_technologistsdevelopersarchitects/resources.html

Your use case would require custom logic to lock an account after x number of failed login attempts. 

Also - I have not even seen a community article on this subject. This also suggests this is not an out of the box feature.
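A sketch of the "custom logic" the accepted answer refers to, added here as an example; it is not AEM code and not from the thread's participants. `LoginAttemptTracker`, its thresholds and the idea of calling it from a custom login module are assumptions, it uses only the JDK (Java 16+), and its state lives in memory on a single instance.

```java
import java.time.Duration;
import java.time.Instant;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

/** Hypothetical helper for a custom login module; not an AEM, Sling or Jackrabbit API. */
public class LoginAttemptTracker {
    private record State(int failures, Instant windowStart, Instant lockedUntil) {}

    private final int maxFailures;       // the "x" in "x failed login attempts"
    private final Duration window;       // failures older than this are forgotten
    private final Duration lockDuration; // timed lock: expires on its own
    // Keyed by user ID; call only for existing accounts so made-up names cannot grow the map.
    private final Map<String, State> states = new ConcurrentHashMap<>();

    public LoginAttemptTracker(int maxFailures, Duration window, Duration lockDuration) {
        this.maxFailures = maxFailures;
        this.window = window;
        this.lockDuration = lockDuration;
    }

    /** Call before checking the password; while locked, reject without evaluating credentials. */
    public boolean isLocked(String userId, Instant now) {
        State s = states.get(userId);
        return s != null && s.lockedUntil() != null && now.isBefore(s.lockedUntil());
    }

    /** Records one failed attempt atomically; returns true if the account is now locked. */
    public boolean recordFailure(String userId, Instant now) {
        State updated = states.compute(userId, (id, s) -> {
            boolean fresh = s == null || now.isAfter(s.windowStart().plus(window));
            int failures = fresh ? 1 : s.failures() + 1;
            Instant lock = failures >= maxFailures ? now.plus(lockDuration) : null;
            return new State(failures, fresh ? now : s.windowStart(), lock);
        });
        return updated.lockedUntil() != null;
    }

    /** A successful login clears the counter. */
    public void recordSuccess(String userId) { states.remove(userId); }

    public static void main(String[] args) {
        // Constructed timeline: 5 failures within 15 minutes trigger a 30-minute lock.
        LoginAttemptTracker t = new LoginAttemptTracker(5, Duration.ofMinutes(15), Duration.ofMinutes(30));
        Instant t0 = Instant.parse("2024-01-01T00:00:00Z");
        for (int i = 0; i < 5; i++) t.recordFailure("alice", t0.plusSeconds(i));
        System.out.println("locked after 5 failures: " + t.isLocked("alice", t0.plusSeconds(10)));
        System.out.println("locked 31 minutes later: " + t.isLocked("alice", t0.plus(Duration.ofMinutes(31))));
    }
}
```

The lock is time-limited so that someone deliberately failing logins for a known user name cannot keep that account locked out indefinitely without continuing to generate attempts that show up in logs.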

3 Replies

Level 10

You may want to look at writing a custom login module. Also - read this AEM documentation:

http://docs.adobe.com/docs/en/cq/5-6-1/administering/security.html

Level 1

Thanks for the quick reply!

I have checked the doc and can't find the info.  Does it mean it's not supported by AEM OOTB?
