...
Three HTTP methods are supported:
GET – query an account to see if it's locked or not
POST – increment an account's lockout counter artificially
DELETE – clear an account's lockout state
The POST/DELETE operations return a 204 on success, while the GET operation returns a JSON response describing the object queried and the lockout status. An example trace follows (much of the response header dump is elided, this just shows the basics).
Example lockout operations
Code Block | ||||||
---|---|---|---|---|---|---|
| ||||||
$ curl -ik "https://localhost/idp/profile/admin/lockout/shibboleth.authn.Password.AccountLockoutManager/jdoe%21192.168.1.1" HTTP/1.1 200 OK Content-Type: application/json;charset=utf-8 { "data" : { "type" : "lockout-statuses", "id" : "shibboleth.authn.Password.AccountLockoutManager/jdoe!192.168.1.1", "attributes" : { "lockout" : true } } } $ curl -X DELETE -ik "https://localhost/idp/profile/admin/lockout/shibboleth.authn.Password.AccountLockoutManager/jdoe%21192.168.1.1" HTTP/1.1 204 No Content |
...
V4.1 includes properties to control various aspects of the flow's behavior using an internally-defined bean that may be overridden if required.
Localtabgroup | ||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
The general properties configuring this flow via admin/admin.properties are:
To replace the internally defined flow descriptor bean, the following XML is required:
In older versions and upgraded systems, this list is defined in conf/admin/general-admin.xml. In V4.1+, no default version of the list is provided and it may simply be placed in conf/global.xml if needed. |