This topic has 3 replies, 2 voices, and was last updated 5 years, 4 months ago by bikumar.
February 13, 2017 at 10:21 am #15772
bikumar
Participant
Hi,
We use OpenAM as the authentication page, and OpenAM internally authenticates a user (based on user name and password) using OpenDJ. If a user exceeds the limit of maximum permissible login attempts (6 in our case), the account locked status of that particular user is set to true in OpenDJ, and once he is locked he won’t be able to log in. So we have a requirement here: we also maintain the list of users in the database (Oracle or MongoDB), and whenever a user is locked due to invalid password attempts we need to update the same locked status in our database. As OpenAM login is something which is outside of our application code, how can we achieve that?
Examples:
Writing custom codes
We would like you to suggest a solution to this problem.
Thanks,
Sai.
February 13, 2017 at 10:28 am #15773
cheechong
Participant
https://backstage.forgerock.com/docs/openam/13.5/dev-guide/chap-extending#sec-post-auth
https://wikis.forgerock.org/confluence/display/openam/Write+a+Post+Authentication+Plug-in
If I am not wrong, onLoginFailure is where OpenAM will redirect you to when the account is locked. I could be wrong, test it out.
February 15, 2017 at 10:08 am #15803
bikumar
Participant
I followed the exact same process and I wrote a log message in all three functions. I have no idea what’s going wrong, but there is no log recorded in Tomcat even after copying the jar file to the OpenAM lib folder and restarting Tomcat.
PS: I have also configured it in myrealm from the OpenAM admin console.
February 16, 2017 at 7:11 am #15822
bikumar
Participant
I was able to deploy a post authentication plugin in OpenAM. I see that the control comes to onLoginFailure in both the invalid password scenario and the user account lockout scenario. So how can I differentiate between the two cases in my custom code? Is there any attribute or something in the response which says what action is to be performed (i.e. whether to show the invalid password page or the account locked state)? What I am trying to do here is know the state of the user account, make a database call to MongoDB in the onLoginFailure function, and update the user status in MongoDB when we detect a lockout case.