From past two weeks we have noticed some strange behaviour in our CE 201702 for two production instances. One user in both the production instances lost their login access. Surprisingly one user was able to login after 6-7 hours and multiple attempts(any hint here ??) but for the other user the problem still persist.
We tried updating the password but to no avail. Both the tomcat logs and apache logs were clean. There was no UI error visible in developer console.
We checked the database and the user was there, checked whether the user was not disabled by the admin but not. We double checked everything but found nothing.
Has anyone faced this issue then please shed some light.
Are you authenticating against LDAP/AD? Or are these Alfresco-managed users?
These are Alfresco-managed users. Other users in the both the production instances are able to login but the problem exist for two users only.
Have these users ever logged in successfully?
If you create a new user, can the new user log in?
Is the rest of the repository acting normally? Folders and content can be created by users who are able to log in?
Please, check if this is not the case:
Mitigating brute force attack on user passwords | Alfresco Documentation
Happy New Year Jeff,
Yes, these users were able to login successfully earlier.
I created a new user on the production instances and they were able to login successfully.
Everything is working perfectly fine in the DMS except that these users are not able to login.
Happy New Year Douglas.
Not sure exactly but some parts seems relevant.
1. I did the see the WARN log as specified in the documentation for the affected user. When I restarted the server I got the below warning message
2017-12-27 13:51:39,600 WARN [security.authentication.AuthenticationServiceImpl] [ajp-apr-8009-exec-5] Brute force attack was detected for user: hr*******
2. One of the user was able to login after we stopped the login attempt for 2-3 hours.
But, I am not clear about some parts.
1. Documentation states that the account goes into protected mode for 6 seconds but ours was not the case. We tried accessing the account after 10 mins or so but wasn't able to login. Also, I have seen the above log snippet many times but this is the first time I am facing the the issue.
2. I did not see all the logs generated except for the logs shown in the image in the documentation.
FYI, We haven't specified any of the props described in the documentation. We are using the default specified by Alfresco.
I faced problems with this brute force protection feature, as in my case, just like yours, users were not able to login even after waiting for hours.
This happened only for some specific users, and as I was not willing to investigate what the real problem was, I decided to simply turn this feature off.
So, should I also turn off the feature or try something else ??
The ideal approach would be to be able to identify why the protection is not releasing the "lock" on the user.
In my case, as I had no time to investigate it, I decided to turn it off.
Conclusion, you decide if it is important to you or not.
If it doesn't work the way it is described in the documentation, then I guess the best thing to do is to raise an issue and have Alfresco knowing about the problem.
Ask for and offer help to other Alfresco Content Services Users and members of the Alfresco team.