Locking out account for Custom User Group implementation

chintan97patel
Level 1

12-03-2021

Hello,

We have implemented the authentication requirement (from page properties -> advanced -> Authentication Requirement) for some of our sites and added a Custom User Group so that only users who are part of that group can access the site after successful authentication.

The solution does not prevent users from trying as many attempts as they want. This may lead to a brute-force attack where an attacker can try as many combinations for a user as needed and get access to the secured site.

Is there any OOTB feature for locking out users based upon some number of unsuccessful authentication attempts? We can reproduce the same in the author environment (though author is accessible from the company network only) as well, which requires login before updating any content.
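The lockout the question asks for, shown as an added illustration of the failed-attempt counter plus sliding window plus temporary lock that a dedicated IDP's rate limiting applies; this is not AEM code and not from anyone in this thread, and the user names, thresholds and sample events are constructed:

```python
from collections import deque


class LoginGuard:
    """Per-user failed-login counter with a sliding window and temporary lockout.

    Constructed illustration of a lockout policy; not AEM code. A real deployment
    keeps this state in the IDP (or a shared store), not in one process.
    """

    def __init__(self, max_failures=5, window_seconds=300, lockout_seconds=900):
        self.max_failures = max_failures
        self.window = window_seconds
        self.lockout = lockout_seconds
        self._failures = {}      # user -> deque of failure timestamps inside the window
        self._locked_until = {}  # user -> epoch seconds at which the lock expires

    def attempt(self, user, ts, password_ok):
        """Evaluate one login attempt at time ts (epoch seconds).

        Returns "ok", "denied" (wrong credentials) or "locked" (rejected without
        checking the password at all, so guessing cannot continue during the lock).
        """
        if ts < self._locked_until.get(user, 0):
            return "locked"
        if password_ok:
            self._failures.pop(user, None)   # a successful login resets the counter
            return "ok"
        window = self._failures.setdefault(user, deque())
        window.append(ts)
        while window and window[0] <= ts - self.window:
            window.popleft()                 # forget failures outside the sliding window
        if len(window) >= self.max_failures:
            self._locked_until[user] = ts + self.lockout
            self._failures.pop(user, None)
            return "locked"
        return "denied"


def simulate(events, **policy):
    """Run constructed (user, ts, password_ok) events through one LoginGuard."""
    guard = LoginGuard(**policy)
    return [guard.attempt(u, t, ok) for u, t, ok in events]


# Constructed sample: five wrong guesses against "alice" within one minute, then the
# correct password while still locked, an unaffected user, and alice after the lock expires.
SAMPLE = ([("alice", t, False) for t in range(0, 50, 10)]
          + [("alice", 60, True), ("bob", 61, True), ("alice", 960, True)])

if __name__ == "__main__":
    for (user, ts, _), outcome in zip(SAMPLE, simulate(SAMPLE)):
        print(f"t={ts:4d} {user:6s} {outcome}")
```

Note that the fifth failure locks the account even though the very next attempt carries the right password; only after the lock expires does a correct password succeed.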

Accepted Solutions (1)

Jörg_Hoh
Employee

13-03-2021

If you want to have more sophisticated ways of authenticating (that means including things like 2FA, password expiration, rate limits on log-on, etc.), I would recommend that you connect AEM with a dedicated IDP service. AEM supports SAML, which should be supported today by every IDP solution. AEM does not want to copy the features of these systems, because it is not an IDP by itself (and never wanted to be).

Answers (1)

Arun_Patidar
MVP

13-03-2021