Question

Audit for failed login attempt

0

we have a requirement where I need to audit the user login, and also the failed attempt for user login with different role. I am using the custom login page with sign in action.

asked 2021-12-30

Harshad Borse

2 answers

Ronald Catersels · Answer 1 · 2021-12-30

That person would need to be able to see the system/User object so it can see the failed logins. Do note that giving that user those access rights gives him serious power. Other option would be to create non persistent objects and copy all the data over to the non persistent objects to show that to the user. But if you have many accounts that might not be a viable option. You then might want to create persistant shadow objects. But do note that you need to sync the data.

Regards,

Ronald

Roy Veenvliet · Answer 2 · 2021-12-30

You can create your own microflow and use that instead of the signin button (you'll also have to create a non-persistent object to be able to use the username/password). You can use the "System.VerifyPassword” java action to verify the username and password, if incorrect create a logging object of some sort. If it is correct call a custom request handler to login the user (for example, see the password forget module).