SOLVED

Locking out account for Custom User Group implementation

chintan97patel
Level 2

Hello,

 

We have implemented the authentication requirement (from page properties -> advanced -> Authentication Requirement) for some of our sites and added a Custom User Group so that only users who are part of that group can access the site after successful authentication.

The solution does not prevent users from making as many attempts as they want. This may lead to a brute-force attack, where an attacker can try many combinations for a user and get access to the secured site.

Is there any OOTB feature for locking out users based on some number of unsuccessful authentication attempts? We can reproduce the same in the author environment as well (though author is accessible from the company network only), which requires login before updating any content.

1 Accepted Solution
Jörg_Hoh
Correct answer by
Employee

If you want to have more sophisticated ways of authentication (that means including things like 2FA, password expiration, rate limits on logon, etc.), I would recommend that you connect AEM with a dedicated IDP service. AEM supports SAML, which should be supported today by every IDP solution. AEM does not want to copy the features of these systems, because it's not an IDP by itself (and never wanted to be).
