[midPoint] Synchronizing Lockout Problem

Maximiliano Maidana mmaidana at rakkau.com
Mon Nov 25 16:51:28 CET 2024


Good morning, everyone. Does anyone have any suggestions on this topic?

On Fri, Nov 8, 2024 at 5:25 p.m., Maximiliano Maidana (
mmaidana at rakkau.com) wrote:

> Good morning,
>
> We have encountered the following situation:
>
> I have the following logic in my resource:
>
> <lockoutStatus>
>     <outbound>
>         <strength>strong</strength>
>         <expression>
>             <asIs/>
>         </expression>
>     </outbound>
> </lockoutStatus>
>
> The goal is to set a specific value when the user is locked in MidPoint
> after entering an incorrect password multiple times. The issue we're seeing
> is that during testing, the user lockout does not generate an event in
> itself (we don’t see it in the user’s event history), so the source is not
> evaluated, and the outbound is not applied.
>
> We also tried capturing the event through a generalNotifier or
> customNotifier (to see if we could then reconcile the user and apply the
> changes). However, no event is generated at the time of lockout. Increasing
> the logs only shows events related to the Repository (we don’t see anything
> related to the model).
>
> 2024-11-07 17:48:17,354 [REPOSITORY] [http-nio-8080-exec-1] DEBUG
> (com.evolveum.midpoint.repo.operation): Repository operation modify
> FocusType 5bd96d9c-525a-442c-9e84-c9b9596ad884: SUCCESS
> behavior/authentication/9/failedLogins
> ADD: 1
> behavior/authentication/9/lastFailedLogin
> ADD: LoginEventType(2024-11-07T17:48:17.351Z from 181.169.255.221)
> 2024-11-07 17:48:17,354 [REPOSITORY] [http-nio-8080-exec-1] DEBUG
> (PROFILING): #### Entry: 421780
> ...repo.cache.RepositoryCache->invalidateCacheEntries
> 2024-11-07 17:48:17,354 [REPOSITORY] [http-nio-8080-exec-1] DEBUG
> (PROFILING): ##### Exit: 421780
> ...repo.cache.RepositoryCache->invalidateCacheEntries etime: 0.045 ms
> 2024-11-07 17:48:17,354 [REPOSITORY] [http-nio-8080-exec-1] DEBUG
> (PROFILING): ##### Exit: 421778 ...repo.cache.RepositoryCache->modifyObject
> etime: 3.493 ms
> 2024-11-07 17:48:17,354 [] [http-nio-8080-exec-1] DEBUG
> (com.evolveum.midpoint.model.impl.security.SecurityHelper): Login failure
> username=testl_lock, channel=
> http://midpoint.evolveum.com/xml/ns/public/common/channels-3#user:
> password mismatch
>
> We also tried adding a mapping with lockout as the source, but the result
> is the same:
>
> <source>
>     <path>activation/lockoutStatus</path>
> </source>
>
> It seems as if the lockout change is executed in raw mode. Is there a way
> to handle this, or alternatively, to capture this event to later reconcile
> the user?
>
> Best regards.
>
>
> --
> *Maidana Maximiliano*
> *mmaidana at rakkau.com <nrossi at rakkau.com>*
> www.rakkau.com
>


-- 
*Maidana Maximiliano*
*mmaidana at rakkau.com <nrossi at rakkau.com>*
www.rakkau.com