From past two weeks we have noticed some strange behaviour in our CE 201702 for two production instances. One user in both the production instances lost their login access. Surprisingly one user was able to login after 6-7 hours and multiple attempts(any hint here ??) but for the other user the problem still persist.
We tried updating the password but to no avail. Both the tomcat logs and apache logs were clean. There was no UI error visible in developer console.
We checked the database and the user was there, checked whether the user was not disabled by the admin but not. We double checked everything but found nothing.
Has anyone faced this issue then please shed some light.
Happy New Year Jeff,
Yes, these users were able to login successfully earlier.
I created a new user on the production instances and they were able to login successfully.
Everything is working perfectly fine in the DMS except that these users are not able to login.
Happy New Year Douglas.
Not sure exactly but some parts seems relevant.
1. I did the see the WARN log as specified in the documentation for the affected user. When I restarted the server I got the below warning message
2017-12-27 13:51:39,600 WARN [security.authentication.AuthenticationServiceImpl] [ajp-apr-8009-exec-5] Brute force attack was detected for user: hr*******
2. One of the user was able to login after we stopped the login attempt for 2-3 hours.
But, I am not clear about some parts.
1. Documentation states that the account goes into protected mode for 6 seconds but ours was not the case. We tried accessing the account after 10 mins or so but wasn't able to login. Also, I have seen the above log snippet many times but this is the first time I am facing the the issue.
2. I did not see all the logs generated except for the logs shown in the image in the documentation.
FYI, We haven't specified any of the props described in the documentation. We are using the default specified by Alfresco.
I faced problems with this brute force protection feature, as in my case, just like yours, users were not able to login even after waiting for hours.
This happened only for some specific users, and as I was not willing to investigate what the real problem was, I decided to simply turn this feature off.
The ideal approach would be to be able to identify why the protection is not releasing the "lock" on the user.
In my case, as I had no time to investigate it, I decided to turn it off.
Conclusion, you decide if it is important to you or not.
If it doesn't work the way it is described in the documentation, then I guess the best thing to do is to raise an issue and have Alfresco knowing about the problem.