Identify invalid password and locked user call backs (PAP)

This topic has 2 replies, 3 voices, and was last updated 5 years, 2 months ago by Andy Cory.

  • Author
    Posts
  • #15924
     bikumar
    Participant

    Hi,

    I wrote a PAP and I observed that the control comes to onLoginFailure function in the following cases :

    – User has entered an invalid password
    – User account has been locked (due to invalid password attempts or by admin)

    Knowing this how do I differentiate between the followuing two events

    Event 1: Invalid password attempt invokes onLoginFailure
    Event 2: Locked user tries to login invokes onLoginFailure

    Is there an attribute in the response or the map object which indicates the event that caused onLoginFailure to be invoked?

    Thanks,
    Sai.

    #17639
     Manuj Gupta
    Participant

    I’m looking for the same information. Please let me know if you found any solution for this.

    Regards
    Manuj

    #17641
     Andy Cory
    Participant

    I don’t think the info in the map passed into onLoginFailure in a PAP will give you what you want. In the event that the user has entered an incorrect username or password, the login name and the password that he entered are available in this map (as is the login realm), but there is no indication as to which one was entered incorrectly.

    If a locked user tries to login, the map will, in addition, contain a value for org.forgerock.openam.auth.authenticatedprincipals – that’s not to say the authentication will ultimately succeed, but if the credentials are correct there will still be an ‘authenticated principal’.

    You could also examine the body of the HttpServletResponse. If the user is locked, the JSON structure would be {"code":401,"reason":"Unauthorized","message":"User not Active"}, which is a meaningful response for your purposes. If the credentials are wrong, the structure will be {"code":401,"reason":"Unauthorized","message":"Authentication Failed"}, which is deliberately vague.

    Andy

Viewing 3 posts - 1 through 3 (of 3 total)

You must be logged in to reply to this topic.

©2022 ForgeRock - we provide an identity and access platform to secure every online relationship for the enterprise market, educational sector and even entire countries. Click to view our privacy policy and terms of use.

Log in with your credentials

Forgot your details?