By: Luthor Nguyen user 21 Mar 2023 at 11:26 a.m. CDT

8 Responses
Hi, We are trying to enable account lockout and followed this document: https://gluu.org/docs/gluu-server/4.5/authn-guide/lockout/#account-lockout

- The basic_lock was enabled with 3 properties we kept as default.
- The Default Authentication Method was set to basic_lock.
- 2FA enabled with Super Gluu App and Yubico key

But when we tried to fail the authentication by denying the authentication from the Super Gluu App (4 times) or entering the wrong password 4 times, the user was still able to log in. Can we have a suggestion on how to enable/test the Account Lockout feature? Thank you in advance. Luthor.

By Mohib Zico staff 21 Mar 2023 at 1:17 p.m. CDT

Hi Luthor, Will look into it.

By Michael Schwartz Account Admin 21 Mar 2023 at 6:10 p.m. CDT

If you are using the Super Gluu script, the `basic_lock` script is not called. You'll need to add the code from the `basic_lock` script into your Super Gluu script...

By Luthor Nguyen user 22 Mar 2023 at 11:28 a.m. CDT

Hi Michael, Would you mind giving me more detailed instructions to add the code from the basic_lock? Actually, I want to use the FIDO2 Yubico key. I looked at the scripts and wondered what the best way to add the code from basic_lock to fido2 or super_gluu is, because they both define a PersonAuthentication class and create their own authenticate function. Regards.

By Mohib Zico staff 22 Mar 2023 at 12:12 p.m. CDT

Hi Luthor, Which Gluu Server version are you using? 4.4 or 4.5?

By Luthor Nguyen user 22 Mar 2023 at 12:25 p.m. CDT

Hi Mohib, It's 4.4.

By Mohib Zico staff 22 Mar 2023 at 1:21 p.m. CDT

Thanks. Do you have the liberty to use Gluu Server 4.5? I just tested and it's working okay there: https://youtu.be/z-cLPbu35NU Attaching my script below.

By Luthor Nguyen user 22 Mar 2023 at 2:46 p.m. CDT

Hi Mohib, That's a great video with all the detail. I appreciate that. It works on 4.4 also. Please correct me if I'm wrong, but the Account lockout can be applied for password login only but not for 2FA. Thank you.

By Mohib Zico staff 22 Mar 2023 at 11:50 p.m. CDT

Hello Luthor, Thanks for the update!

>> Please correct me if I'm wrong but the Account lockout can be applied for password login only but not for 2FA.

That's correct for now. But I believe it's possible to implement that in 2FA as well by combining two scripts together, but that will fall under special customization. Thanks!
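
The behaviour discussed in this thread, as an added example that is not part of any post and is not Gluu's script code: a small Python model of a two-step login in which the lockout counter either ignores or counts second-factor failures. The names `LockoutTracker` and `login`, the threshold of 3 and the 180-second lock are assumptions made for the illustration.

```python
import time

class LockoutTracker:
    """Hypothetical per-user failure counter with a timed lock (not Gluu code)."""

    def __init__(self, max_attempts=3, lock_seconds=180, clock=time.time):
        self.max_attempts = max_attempts   # constructed value
        self.lock_seconds = lock_seconds   # constructed value
        self.clock = clock                 # injectable so tests need no sleep
        self.failures = {}
        self.locked_until = {}

    def is_locked(self, user):
        until = self.locked_until.get(user)
        if until is None:
            return False
        if self.clock() >= until:
            # Lock expired: clear the lock and the stale failure count.
            del self.locked_until[user]
            self.failures.pop(user, None)
            return False
        return True

    def record(self, user, success):
        if success:
            self.failures.pop(user, None)
            return
        count = self.failures.get(user, 0) + 1
        self.failures[user] = count
        if count >= self.max_attempts:
            self.locked_until[user] = self.clock() + self.lock_seconds

def login(tracker, user, password_ok, second_factor_ok, count_second_factor=True):
    """Two-step flow. With count_second_factor=False only the password step
    feeds the counter, which models lockout applying to password login only."""
    if tracker.is_locked(user):
        return "locked"
    if not password_ok:
        tracker.record(user, False)
        return "denied"
    if not second_factor_ok:
        if count_second_factor:
            tracker.record(user, False)
        return "denied"
    # The counter resets only after both steps succeed, so a correct
    # password alone does not erase earlier second-factor failures.
    tracker.record(user, True)
    return "ok"
```

With `count_second_factor=False`, any number of denied second-factor prompts leaves the account unlocked; with `True`, the third denial locks it until the lock expires.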