This topic has 2 replies, 3 voices, and was last updated 5 years, 2 months ago by Andy Cory.
February 21, 2017 at 10:07 am #15924
bikumar
Participant

Hi,

I wrote a PAP and I observed that the control comes to the onLoginFailure function in the following cases:

– User has entered an invalid password
– User account has been locked (due to invalid password attempts or by admin)

Knowing this, how do I differentiate between the following two events?

Event 1: Invalid password attempt invokes onLoginFailure
Event 2: Locked user tries to login invokes onLoginFailure

Is there an attribute in the response or the map object which indicates the event that caused onLoginFailure to be invoked?

Thanks,
Sai.

June 9, 2017 at 12:09 pm #17639
Manuj Gupta
Participant

I’m looking for the same information. Please let me know if you found any solution for this.

Regards
Manuj

June 9, 2017 at 1:29 pm #17641
Andy Cory
Participant

I don’t think the info in the map passed into onLoginFailure in a PAP will give you what you want. In the event that the user has entered an incorrect username or password, the login name and the password that he entered are available in this map (as is the login realm), but there is no indication as to which one was entered incorrectly.

If a locked user tries to login, the map will, in addition, contain a value for org.forgerock.openam.auth.authenticatedprincipals – that’s not to say the authentication will ultimately succeed, but if the credentials are correct there will still be an ‘authenticated principal’.

You could also examine the body of the HttpServletResponse. If the user is locked, the JSON structure would be

    {"code":401,"reason":"Unauthorized","message":"User not Active"}

which is a meaningful response for your purposes. If the credentials are wrong, the structure will be

    {"code":401,"reason":"Unauthorized","message":"Authentication Failed"}

which is deliberately vague.

Andy
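As an added illustration of the map check Andy describes (this is example code written for this page, not code from Andy or from ForgeRock), here is a minimal PAP whose onLoginFailure classifies the failure by whether org.forgerock.openam.auth.authenticatedprincipals is present in the map. The interface and method signatures are those of AMPostAuthProcessInterface; the package, class and logger names and the log wording are assumptions made up for the example. The decision is kept in a static method so it can be unit-tested without a container, and the plugin logs map keys only, because the same map carries the submitted password. It deliberately does not touch the response: the client should keep receiving the generic "Authentication Failed" message, otherwise the PAP turns into an account-lock oracle for anyone guessing usernames.

```java
package com.example.auth; // hypothetical package for this example

import java.util.Map;
import java.util.logging.Logger;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import com.iplanet.sso.SSOToken;
import com.sun.identity.authentication.spi.AMPostAuthProcessInterface;
import com.sun.identity.authentication.spi.AuthenticationException;

/**
 * Example PAP (not ForgeRock code) that classifies why onLoginFailure fired.
 * Class, package and logger names are assumptions for this example.
 */
public class LoginFailureClassifierPap implements AMPostAuthProcessInterface {

    // Present in the map when the submitted credentials matched a principal
    // even though the login failed (for example a locked account).
    static final String AUTHENTICATED_PRINCIPALS =
            "org.forgerock.openam.auth.authenticatedprincipals";

    private static final Logger LOG =
            Logger.getLogger(LoginFailureClassifierPap.class.getName());

    enum FailureKind {
        // No matching principal: wrong username or wrong password, not
        // distinguishable from the map.
        BAD_CREDENTIALS,
        // Credentials matched a principal but login was still refused
        // (locked or otherwise inactive account, per the thread).
        PRINCIPAL_MATCHED_BUT_DENIED
    }

    /** Pure decision logic; container-free so it can be unit-tested. */
    static FailureKind classify(Map<?, ?> requestParamsMap) {
        Object principals = requestParamsMap == null
                ? null : requestParamsMap.get(AUTHENTICATED_PRINCIPALS);
        boolean matched = principals != null
                && !String.valueOf(principals).trim().isEmpty();
        return matched ? FailureKind.PRINCIPAL_MATCHED_BUT_DENIED
                       : FailureKind.BAD_CREDENTIALS;
    }

    @Override
    public void onLoginFailure(Map requestParamsMap, HttpServletRequest request,
                               HttpServletResponse response)
            throws AuthenticationException {
        FailureKind kind = classify(requestParamsMap);
        // Log keys only: the map also holds the password the user typed.
        Object keys = requestParamsMap == null ? "[]" : requestParamsMap.keySet();
        LOG.info("onLoginFailure kind=" + kind + " mapKeys=" + keys);
        // Intentionally no change to the response: keep the client-facing
        // message generic so the lock state is not leaked.
    }

    @Override
    public void onLoginSuccess(Map requestParamsMap, HttpServletRequest request,
                               HttpServletResponse response, SSOToken ssoToken)
            throws AuthenticationException {
        // Not needed for this example.
    }

    @Override
    public void onLogout(HttpServletRequest request, HttpServletResponse response,
                         SSOToken ssoToken) throws AuthenticationException {
        // Not needed for this example.
    }
}
```

Register the class as a post authentication processing class on the realm or authentication chain as usual; classify() can be exercised directly with a HashMap containing or omitting the org.forgerock.openam.auth.authenticatedprincipals key to confirm the two outcomes before deploying.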