  1. OpenAM
  2. OPENAM-17949

Account lockout applied to tree even when ignore profile selected

      Description

      Bug description

      With recent changes where account lockout is checked in the tree (on 7), there is a difference in behaviour from authentication chains as even if the user lock.

      In AM 7.x and 6.5.x, when using Authentication modules where the Datasource has a user with inetUserStatus (INACTIVE) and Ignore profile is enabled, the login can happen. However, with a tree, this will always fail and complain about the user being locked, even when the profile is ignored.
       

      Item Profile=Required Profile=Ignored 
      AuthModule ✅ 
      Tree ❌ (for 6.5 it will be ✅)

      How to reproduce the issue

      1. For AuthModules, you can authenticate as a user whose user status is locked
      2. Try with Ignore profile and with profile required
      3. Repeat the same with a Tree

      Expected behaviour

      Ignore profile should not use the user profile or the user lockout entry

      Current behaviour

      Ignore profile does not have any effect

      Work around

      None.

      Code analysis

      This seems to be due to a recent security fix implementing accountLockoutChecks() in SuccessProcessTreeResult/FailureProcessTreeResult.

            People

            Unassigned Unassigned
            chee-weng.chea C-Weng C