Uploaded image for project: 'OpenAM'
  1. OpenAM
  2. OPENAM-16151

AM account lockout is checked even when it's disabled

    XMLWordPrintable

Details

    • AM Sustaining Sprint 74
    • 3
    • No
    • Yes
    • No
    • Yes and I used the same an in the description
    • 0
    • Future
    • None

    Description

      Bug description

      AM account lockout is checked even when it's disabled

      How to reproduce the issue

      1. install 6.5.2.2
      2. enable "message" level debugging on
      3. authenticate with demo user
      4. check debug log and you will see AM proprietary account lock being invoked when the default value for "Authentication -> Core -> Login Failure Lockout Mode" is false.
      amIdm:04/22/2020 07:18:17:270 AM NZST: Thread[http-bio-18080-exec-44,5,main]: TransactionId[521cc996-cf10-4e1f-86dd-d8ad5304414d-326049]AMIdentity.getAttributes 6: attrNames=[iplanet-am-user-login-status, nsaccountlock]; resultMap={nsaccountlock=[], iplanet-am-user-login-status=[]}; attrs={nsaccountlock=[], iplanet-am-user-login-status=[]}
      amAccountLockout:04/22/2020 07:18:17:271 AM NZST: Thread[http-bio-18080-exec-44,5,main]: TransactionId[521cc996-cf10-4e1f-86dd-d8ad5304414d-326049]Account islocked? false 
      Expected behaviour
      AM proprietary account lock shouldn't be invoked when Login Failure Lockout Mode is disabled.
      
      Current behaviour
      AM proprietary account lock is invoked regardless of "AM proprietary account lock" and issuing couple of ldap searches.
      

      Work around

      None

      Code analysis

      LoginState doesn't check if AM account lockout is enabled.

      com.sun.identity.authentication.service.LoinState.java
      public boolean isAccountLocked(String username) {
          if (StringUtils.isEmpty(username) || isApplicationModule(indexName)) {
              return false;
          }
          AMAccountLockout amAccountLockout = new AMAccountLockout(this);
          return amAccountLockout.isLockedOut(username) || amAccountLockout.isAccountLocked(username);
      }
      

      Attachments

        Activity

          People

            sachiko Sachiko Wallace
            sachiko Sachiko Wallace
            Votes:
            0 Vote for this issue
            Watchers:
            7 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: