[OPENAM-16093] RFE: accountLockout should also invalidate or remove current session Created: 02/Apr/20 Updated: 03/Apr/20 Resolved: 03/Apr/20
|Remaining Estimate:||Not Specified|
|Time Spent:||Not Specified|
|Original Estimate:||Not Specified|
|Support Ticket IDs:|
Account Lockout functionality only affects Authentication. Current active sessions are still able to be used. This is a Request for Enhancement to the Account Lockout feature for AM to remove or invalidate the active sessions for a user who gets locked out.
For example given a username:
1 - Search and delete all active tokens in CTS
Either the API (better) or direct LDAP calls could be used for this.
|Comment by Andy Hall [ 02/Apr/20 ]|
David Bate Please attach a support ticket.
And is this using trees or chains?
|Comment by Bipin Kalawade [ 03/Apr/20 ]|
Support ticket: 48353
We are still on 5.1.1, however, the feature we are looking to implement at getSessionInfo or validate. So for some reason (as explained in ticket) if user's active status is revoked then we need to kill user's current active session.
To answer specifically we are still using authentication modules and chains.