By: Pawel Pietrzynski named 15 Mar 2019 at 10:20 a.m. CDT

7 Responses
When working through the Basic with Lockout code:

```python
if unlock_and_authenticate:
    self.unLockUser(user_name)
    self.setUserAttributeValue(user_name, self.invalidLoginCountAttribute, StringHelper.toString(0))
    logged_in = authenticationService.authenticate(user_name, user_password)
```

There is no post-processing logic that checks if that newly unlocked user fails a try and increments the counter, perhaps by adding:

```python
if not logged_in:
    self.setUserAttributeValue(user_name, self.invalidLoginCountAttribute, StringHelper.toString(1))
```

The subsequent issue is that if the lockout threshold is '0' invalid logins, then the re-locking logic should be triggered. Ideally this should be re-worked into calling the lockout processing function again as a method.

By Sahil Arora user 18 Mar 2019 at 7:59 p.m. CDT

Hi Pawel,

If I understand your statement correctly, the counter is not incremented for a newly unlocked user, which allows the user an additional try after unlock. I tried to reproduce at my end, but I can see the user is allowed only 3 wrong password attempts after unlock. Here are the steps I followed:

1. Enabled the Basic Lock Authentication script.
2. Provided an invalid password 3 times, and the user account was locked.
3. Waited for lock expiration, and tried again with an invalid password.
4. The user account was locked after 3 attempts.

Let me know if I misunderstood your statement, and provide screenshots of your attempts if possible.

Thanks

By Yuriy Movchan staff 19 Mar 2019 at 1:11 a.m. CDT

Hi Pawel,

We added an update based on your comment: https://github.com/GluuFederation/community-edition-setup/commit/31fb43ddf5a737d048ba34a7ad35d95ac4485f7e

Regards, Yuriy

By Pawel Pietrzynski named 19 Mar 2019 at 12:20 p.m. CDT

Hi, I get different results. Please do exactly what I do to demonstrate. Here are my failed messages:

FRESH START (user just logged out):
* INPUT BAD CREDENTIALS (1)
* 2 more attempt(s) before account is LOCKED!
* INPUT BAD CREDENTIALS (2)
* 1 more attempt(s) before account is LOCKED!
* INPUT BAD CREDENTIALS (3)
* Your account is locked. Please try again after 30 secs

(DURING LOCKOUT PERIOD)
* INPUT ANY CREDENTIALS
* Failed to authenticate.
* INPUT GOOD CREDENTIALS
* Failed to authenticate.

(WAIT TO UNLOCK TO PASS)
* INPUT BAD CREDENTIALS (1)
* Failed to authenticate.
* INPUT BAD CREDENTIALS (2)
* 2 more attempt(s) before account is LOCKED!
* INPUT BAD CREDENTIALS (3)
* 1 more attempt(s) before account is LOCKED!
* INPUT BAD CREDENTIALS (4)
* Your account is locked. Please try again after 30 secs

(WAIT TO UNLOCK TO PASS)
* INPUT GOOD CREDENTIALS
* Login successful ...

ALSO, on a side issue ... after you login it does not clear the invalid count, so if you login then logout the invalid counter should reset.

FRESH START (user just logged out):
* INPUT BAD CREDENTIALS
* 2 more attempt(s) before account is LOCKED!
* INPUT GOOD CREDENTIALS
* Login successful ...
* LOGOUT
* Logged Out
* INPUT BAD CREDENTIALS
* 1 more attempt(s) before account is LOCKED!
* INPUT BAD CREDENTIALS
* Your account is locked. Please try again after 30 secs

Sorry for all those edits ... the formatting made the steps listing really tricky and I wanted to make sure it was clear since I was pasting from ASCII. Hope that helps!

By Sahil Arora user 05 Apr 2019 at 7:28 p.m. CDT

Hi Pawel,

We have modified the script. Can you please use [this](https://github.com/GluuFederation/community-edition-setup/blob/31fb43ddf5a737d048ba34a7ad35d95ac4485f7e/static/extension/person_authentication/BasicLockAccountExternalAuthenticator.py) script and let us know the results?

By Pawel Pietrzynski named 16 Apr 2019 at 2:28 p.m. CDT

The script seems to work well for the lockout. However, it does not address the scenario where a user has failed several attempts and then succeeded, so his attempts should be wiped out, since it's "consecutive attempts" we are worried about, not total attempts. So the user invalid login count should be reset after each successful authentication.
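The two counter behaviours discussed in this thread, as a constructed Python model added here (this is not the Gluu script itself): the `count_after_unlock` flag stands for counting the failure made right after an expired lock is cleared, and `reset_on_success` for clearing the counter on a successful login. The 3-attempt threshold and 30-second lock come from the messages above; the function and field names are assumptions.

```python
from dataclasses import dataclass
from typing import Optional

MAX_FAILURES, LOCK_SECONDS = 3, 30  # values reported in the thread


@dataclass
class LockoutState:
    """Per-user lockout record (hypothetical stand-in for the user attributes)."""
    invalid_count: int = 0
    locked_until: Optional[int] = None  # None means the account is not locked


def attempt_login(state, password_ok, now, count_after_unlock, reset_on_success):
    """One login attempt at time `now`; returns a status like the thread's messages."""
    if state.locked_until is not None:
        if now < state.locked_until:
            return "locked"
        # Lock expired: unlock and zero the counter, then authenticate.
        state.locked_until = None
        state.invalid_count = 0
        if not count_after_unlock:
            # Original behaviour: a failure right after unlock never reaches the counter.
            return "success" if password_ok else "failed (uncounted)"
    if password_ok:
        if reset_on_success:
            state.invalid_count = 0  # consecutive failures matter, not total failures
        return "success"
    state.invalid_count += 1
    if state.invalid_count >= MAX_FAILURES:
        state.locked_until = now + LOCK_SECONDS
        return "locked"
    return f"{MAX_FAILURES - state.invalid_count} more attempt(s) before account is LOCKED!"


def bad_attempts_to_relock(count_after_unlock, reset_on_success):
    """Lock the account, let the lock expire, then count bad passwords until it relocks."""
    state = LockoutState()
    for _ in range(MAX_FAILURES):
        attempt_login(state, False, 0, count_after_unlock, reset_on_success)
    now, n = LOCK_SECONDS, 0  # the 30-second lock has just expired
    while True:
        n += 1
        if attempt_login(state, False, now, count_after_unlock, reset_on_success) == "locked":
            return n


def remaining_after_success_then_failure(reset_on_success):
    """Bad, good, bad: the side issue from the thread (no reset after a good login)."""
    state = LockoutState()
    attempt_login(state, False, 0, True, reset_on_success)
    attempt_login(state, True, 0, True, reset_on_success)
    return attempt_login(state, False, 0, True, reset_on_success)
```

With both flags off the model reproduces the four post-unlock failures and the "1 more attempt(s)" message from the logs above; with both on it locks after three and reports "2 more attempt(s)".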

By Yuriy Movchan staff 23 Apr 2019 at 2:48 p.m. CDT

I understand you. Can you try the same script with a small [update](https://github.com/GluuFederation/community-edition-setup/commit/a7f334d94137ae271c9720379d8c7e687512d6fc)?

By Pawel Pietrzynski named 24 Apr 2019 at 7:49 a.m. CDT

Works well now, thank you!