Always Display Domain & Lockout Message
1. Is is possible to always show the Domain field on the manual login screen?
2. I've checked the Display an Account lockout message (Ver 6.5)
Entered the wrong password 3 times (our lockout limit) but all I receive is the standard "We were not able to log you on to the system. Unable to validate user account." I also did an IISreset and cleared cache cookies, etc. What am I doing wrong?
1. If you do not have default LDAP config defined, then Display Domain link will always present in the authentication page. However, I am not aware of the approach to always show domain drop down.
2. Actually, same behaviour in 6.7 P7. I would report as a defect
The Account Lockout message is only presented to a user who is entering their proper credentials.
If you are entering bad credentials, you are simply presented with the failure.
Arguably, there may be a different desired situation, but… that does provide bad actors a validation for an appropriate username.
Agree w/ Ilya that only option in ACP is to Hide it, none to display it by default.
Yeah, Lockout message did not work for me when entering proper credentials on locked user.
Same with 6.8P2. To be clear...
1. Checked 'Display Account Lockout Message' option in ACP and Saved.
2. Locked user account in Manage Users.
3. Went to manual login URL.
4. Entered correct userid and password for user in Step 2.
5. Received "We were not able to log you on to the system. Unable to validate user account."
As a CISSP, I know best practice is to not tell potential hackers why their attempt failed, but options should work.
I wouldn't think that it would behave differently, but…
When it worked for me, I locked it entering bad creds.
Then I noted it wasn't giving me the message just as described.
Then I tried using the proper password and was able to get the "you're locked” message…
Don't understand why How it got locked would impact it, but curious if anyone else *can* get it. J