Bug #1202
invalid TAC # attempt for more than 3 times, it did not lock the user id.
Status: | Dropped-End of life cycle | Start date: | September 30, 2011 |
---|---|---|---|
Priority: | Urgent | Due date: | September 30, 2011 |
Assignee: | Tan Lee Yong | % Done: | 0% |
Category: | Utilities | Spent time: | - |
Target version: | - | | |
Description
When I enter the invalid TAC # more than 3 times, it said you have been logged out. Then I try to log in, it allows me to log in and check in the IBAM, the user id status is not locked. Please assist to fix the issue. Thanks
History
#1 Updated by Wong Bernard almost 13 years ago
- Assignee changed from Wong Bernard to Anonymous
What module is this for? Or is this for all modules currently with TAC?
#2 Updated by Anonymous almost 13 years ago
- Assignee changed from Anonymous to Wong Bernard
all module... Thanks
#3 Updated by Wong Bernard almost 13 years ago
- Category set to Utilities
- Assignee changed from Wong Bernard to Cheang Danniell
I've troubleshot this issue to a point where I'm not sure what to do. This is where you come in, Daniell (sorry... :( )
User can enter invalid TAC indefinitely. Debugging shows that Upass is returning value 14 (TAC expired). After the third failed attempt, it continues to return 14 when the expected is 2 (TAC Max Retries).
The Upass configuration is set up as expected:
- TAC_MAX_ERROR=3
Another thing I noticed is that in the userVerifyTac method in GenericIBAuthenticationServicesImpl class, this code is commented:
- this.c_oIBSSessionObjects.getUPassClient().UA_LockUser(UPassConstants.IB_ADMIN_ALIAS, UPassConstants.IB_ADMIN_PASS, p_sUserAlias);
History shows it was commented out by Darsy, but the reason is not stated...
Let me know what else I can do and test to resolve this. Thanks.
#4 Updated by Tan Lee Yong almost 13 years ago
- Status changed from Internal Testing to Development / Work In Progress
- Assignee changed from Cheang Danniell to Wong Bernard
Hi Bernard,
Now I understand the process. After 3 tries, the user account should not be locked. Only the TAC is expired. The user has to request again. Therefore, our requirement to lock the user after 3 failed attempts is wrong. It should just expire the TAC.
#5 Updated by Wong Bernard almost 13 years ago
- Assignee changed from Wong Bernard to Tan Lee Yong
Please attach the document which states the requirements for TAC handling and functionality for Agrobank. This is so everyone is on the same page and has the same understanding of this module.
Thanks.
#6 Updated by Tan Lee Yong almost 13 years ago
- Status changed from Development / Work In Progress to Dropped-End of life cycle
I found this statement in BRS:-
- Validity of TAC will also based on the scenarios below:-
  - Maximum of 3 attempts –
    - If customer continuously wrongly entered the TAC for three times, the customer will be forced logout from the session.
    - Customer account will be locked.
    - Customer is required to call the Customer Service to unlock the account
    - Customer Service will verify the customer and unlock the account in order to enable for customer to perform subsequent logon.
AND IT IS WRONG. I don't think we should lock the user account for this reason. I will update the customer on this matter.
Since we already implemented it in the correct way, there is nothing to fix. I close this case until further action, if required.
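
A minimal model of the two behaviours debated in this thread, added here as an example and not taken from the project or from UPass: a per-TAC error counter that invalidates the TAC at the limit, with account locking as a separate policy switch. Return codes 2 and 14 and the `TAC_MAX_ERROR=3` limit are the ones quoted in comment #3; the other codes, the class and method names, and the sample TAC are assumptions.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.time.Instant;

/** Hypothetical model of retry-limited TAC verification; not UPass or project code. */
public class TacVerifier {
    // 2 and 14 are the values named in comment #3; 0 and 1 are assumed for this example.
    static final int OK = 0, WRONG_TAC = 1, TAC_MAX_RETRIES = 2, TAC_EXPIRED = 14;
    static final int TAC_MAX_ERROR = 3; // same limit as the configuration in comment #3

    private byte[] tac;                     // null once consumed or invalidated
    private Instant expiresAt;
    private int errors;
    private boolean accountLocked;
    private final boolean lockOnMaxRetries; // true = BRS wording, false = comment #4

    TacVerifier(boolean lockOnMaxRetries) { this.lockOnMaxRetries = lockOnMaxRetries; }

    void issue(String newTac, Instant expiry) {
        if (accountLocked) throw new IllegalStateException("account locked");
        tac = newTac.getBytes(StandardCharsets.UTF_8);
        expiresAt = expiry;
        errors = 0; // the counter belongs to the TAC, so a fresh TAC gets fresh attempts
    }

    int verify(String input, Instant now) {
        if (tac == null || !now.isBefore(expiresAt)) return TAC_EXPIRED;
        // Constant-time comparison so response timing does not reveal matching prefixes.
        if (MessageDigest.isEqual(tac, input.getBytes(StandardCharsets.UTF_8))) {
            tac = null; // single use
            return OK;
        }
        if (++errors >= TAC_MAX_ERROR) {
            tac = null; // under either policy the TAC is dead and guessing cannot continue
            if (lockOnMaxRetries) accountLocked = true;
            return TAC_MAX_RETRIES;
        }
        return WRONG_TAC;
    }

    boolean isAccountLocked() { return accountLocked; }

    public static void main(String[] args) {
        Instant now = Instant.now();
        TacVerifier v = new TacVerifier(false);  // expire-only policy
        v.issue("482913", now.plusSeconds(180)); // constructed sample TAC
        for (String guess : new String[] {"000000", "111111", "222222", "482913"})
            System.out.println(guess + " -> " + v.verify(guess, now));
        System.out.println("locked=" + v.isAccountLocked());
    }
}
```

In this model the limit is reported once, on the attempt that reaches it, and every later attempt against the same TAC is reported as expired, including the correct value. Passing `true` to the constructor additionally locks the account at that point.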