AM Account Lockout Feature Increment Only on Journey Failure

Hello

I have a custom login journey and have configured AM using the documentation for account lockout. But, on failure of a data store decision node, I have a retry loop that goes back to re-enter password (5 times). When doing this, the sunAMAuthInvalidAttemptsData is only incremented after the retry limit is reached and not when the invalid attempt is made. I have this flow because I need an identifier first login / failure so cannot change the journey. Any way to get the sunAMAuthInvalidAttempts to increment on failed password without having to restart the journey each time?

Thanks
Nick

Are you using the out of the box Retry Limit Decision node? If yes, you can get the count from "retryLimitNodeCount" user attribute associated with that node

Yes, I am using the OOTB retry limit decision node, and I can see the retry count being recorded, but that doesn’t fix the issue with not incrementing the failed logins so I can do the soft lock.

Hi @nick.hatsec,

The authentication lock feature is designed to increment the lockout count on login failure (e.g. at the Failure node). The alternative is to turn off the realm’s global account lockout feature, and instead use the Account Active Decision and Account Lockout nodes. This gives more flexibility, bringing the user lockout check early in the flow rather than at the end. If you don’t need to dissociate the active status from the lockout status this should work fine for you. If not, the alternative is to use your own custom scheme driven by scripted decision nodes and a custom schema in DS (e.g. your custom lockout attribute along with perhaps a lockout time and so on).

Kind regards
Patrick

With the Account Active Decision and Account Lockout nodes you cannot tell how many times the user entered a wrong password (let's assume after 5 times you want to lock the user for 10 minutes); you cannot manage it without defining custom attributes and counting yourself in custom DS attributes. I have implemented it by defining new custom attributes (one for the timestamp of when I locked the user and one for counting the allowed wrong password attempts), then inside the journey I have checked these 2 attributes to put the logic in without restarting the journey.

1 Like