Sun Identity Manager Service Provider 8.1 Deployment

policy Attributes

Account lockout occurs when a user has too many consecutive failed login attempts. This applies both to password-based login attempts and to login attempts based on authentication questions. Separate limits for password-based and question-based lockout are specified in the Account Policy section of the main configuration page. A locked account can be unlocked explicitly by an administrator, or implicitly when the lock expires (for example, after one hour).

Because the representation of a locked account is LDAP-vendor specific, Service Provider lets you configure rules that operate on the IDMXUser view: one rule determines whether an account is locked out, one updates the view to lock an account, and one updates the view to unlock it.

The policy.questions[*] attributes are not included in the IDMXUser view, and are not updated, unless the buildAuthQuestions option is set in the form.

Attribute / Description

policy.failedPasswordLoginAttemptsCount
    The number of consecutive failed password-based login attempts. When the user logs in successfully (with either a password or authentication questions), this value is reset. If this value is not present, it is assumed to be zero. (integer: read-only)

policy.failedQuestionLoginAttemptsCount
    The number of consecutive failed authentication-question-based login attempts. When the user logs in successfully (with either a password or authentication questions), this value is reset. If this value is not present, it is assumed to be zero. (integer: read-only)

policy.questions[*].id
    The unique identifier used to associate this question with one defined in the policy. (read-only)

policy.questions[*].question
    The question text, which can be displayed to the user. (read-only)

policy.questions[*].answer
    The user's answer to the question, if specified.

policy.questions[*].loginInterface
    The login interface with which this policy question is associated. Its value is a unique message catalog key for each loginInterface.
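The following is an added illustration of the lockout semantics described above (separate password and question counters, reset on any successful login, a missing counter read as zero, implicit unlock on expiry). It is not Service Provider code: the IDMXUser view is modelled as a flat dict keyed by attribute path, and the limits, the lock duration and the "lockedUntil" key are assumptions standing in for whatever the LDAP vendor actually uses.

```python
# Constructed model of the IDMXUser view: a dict keyed by attribute path.
# Limits, lock duration and LOCK_KEY are assumptions; the real lock
# representation is LDAP-vendor specific and set by deployment rules.
PASSWORD_LIMIT = 3          # assumed Account Policy limit for passwords
QUESTION_LIMIT = 5          # assumed limit for authentication questions
LOCK_SECONDS = 3600         # the page's "such as after one hour"
LOCK_KEY = "lockedUntil"    # assumed vendor-specific lock attribute

COUNTERS = {
    "password": "policy.failedPasswordLoginAttemptsCount",
    "question": "policy.failedQuestionLoginAttemptsCount",
}
LIMITS = {"password": PASSWORD_LIMIT, "question": QUESTION_LIMIT}


def is_locked(view, now):
    """Lock-check rule: locked while a lock expiry exists and lies in the future."""
    until = view.get(LOCK_KEY)
    return until is not None and now < until


def lock_account(view, now):
    """Lock rule: stamp the view with an expiry so the lock clears implicitly."""
    view[LOCK_KEY] = now + LOCK_SECONDS


def unlock_account(view):
    """Unlock rule (explicit administrator unlock): drop the lock and counters."""
    view.pop(LOCK_KEY, None)
    for attr in COUNTERS.values():
        view.pop(attr, None)


def record_failure(view, kind, now):
    """Count one failed attempt of the given kind ("password" or "question").
    A missing counter reads as zero; reaching that kind's limit locks the
    account. Returns the updated counter value."""
    attr = COUNTERS[kind]
    view[attr] = view.get(attr, 0) + 1
    if view[attr] >= LIMITS[kind]:
        lock_account(view, now)
    return view[attr]


def record_success(view):
    """A successful login by either method resets both counters."""
    for attr in COUNTERS.values():
        view.pop(attr, None)
```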