Overnight some users losing login access

cancel
Showing results for 
Search instead for 
Did you mean: 
Established Member

Overnight some users losing login access

Hi All,

From past two weeks we have noticed some strange behaviour in our CE 201702 for two production instances. One user in both the production instances lost their login access. Surprisingly one user was able to login after 6-7 hours and multiple attempts(any hint here ??) but for the other user the problem still persist.

We tried updating the password but to no avail. Both the tomcat logs and apache logs were clean. There was no UI error visible in developer console.

We checked the database and the user was there, checked whether the user was not disabled by the admin but not. We double checked everything but found nothing.

Has anyone faced this issue then please shed some light.

Thanks

Hiten Rastogi

10 Replies
Professional

Re: Overnight some users losing login access

Are you authenticating against LDAP/AD? Or are these Alfresco-managed users?

Established Member

Re: Overnight some users losing login access

Hi Jeff,

These are Alfresco-managed users. Other users in the both the production instances are able to login but the problem exist for two users only.

Professional

Re: Overnight some users losing login access

Have these users ever logged in successfully?

If you create a new user, can the new user log in?

Is the rest of the repository acting normally? Folders and content can be created by users who are able to log in?

Advanced II

Re: Overnight some users losing login access

Established Member

Re: Overnight some users losing login access

Happy New Year Jeff,

Yes, these users were able to login successfully earlier.

I created a new user on the production instances and they were able to login successfully.

Everything is working perfectly fine in the DMS except that these users are not able to login.

Established Member

Re: Overnight some users losing login access

Happy New Year Douglas.

Not sure exactly but some parts seems relevant.

1. I did the see the WARN log as specified in the documentation for the affected user. When I restarted the server I got the below warning message

      2017-12-27 13:51:39,600  WARN  [security.authentication.AuthenticationServiceImpl] [ajp-apr-8009-exec-5] Brute force attack was detected for user: hr*******

2. One of the user was able to login after we stopped the login attempt for 2-3 hours.

But, I am not clear about some parts.

1. Documentation states that the account goes into protected mode for 6 seconds but ours was not the case. We tried accessing the account after 10 mins or so but wasn't able to login. Also, I have seen      the above log snippet many times but this is the first time I am facing the the issue.

2. I did not see all the logs generated except for the logs shown in the image in the documentation.

FYI, We haven't specified any of the props described in the documentation. We are using the default specified by Alfresco.

Advanced II

Re: Overnight some users losing login access

I faced problems with this brute force protection feature, as in my case, just like yours, users were not able to login even after waiting for hours.

This happened only for some specific users, and as I was not willing to investigate what the real problem was, I decided to simply turn this feature off.

Established Member

Re: Overnight some users losing login access

So, should I also turn off the feature or try something else ??

Advanced II

Re: Overnight some users losing login access

The ideal approach would be to be able to identify why the protection is not releasing the "lock" on the user.

In my case, as I had no time to investigate it, I decided to turn it off.

Conclusion, you decide if it is important to you or not.

If it doesn't work the way it is described in the documentation, then I guess the best thing to do is to raise an issue and have Alfresco knowing about the problem.