November 11, 2015 at 7:55 pm #6274 scylla (Participant)
I am a noob to ForgeRock, be gentle please. :)
Is there a way to set specific lockout settings for a specific user?
Possible Use Case: Security team needs account to blackbox test web application that gets locked out. Whitelist account to not lockout would be nice, even with TimeFence, i.e. from this date/time to that date/time.
Does anything remotely like this exist? TIA

November 11, 2015 at 11:12 pm #6278 Bill Nelson (Participant)
I am not aware of any such functionality in OpenAM as I have only found this configurable as a realm parameter. If you are using OpenDJ, however, this is very doable as you can configure password policies that apply to the entire server, groups of users, users themselves, or even dynamically associated with users based on DIT location or even the attributes they have associated with their account. In your case, you could associate password policies based on a user’s type (userType=testAccount) and apply specific policies accordingly.
I wrote a blog entry on the differences between configuring account lockout in OpenAM and OpenDJ. You can find it here if you are interested: http://www.identityfusion.com/understanding-openam-and-opendj-account-lockout-behaviors/.
bill

November 12, 2015 at 7:22 pm #6297 scylla (Participant)
Thank you Bill.