Steve Giller Posted January 25, 2018 Share Posted January 25, 2018 When I arrived at work today I was told we'd had a small period of difficulty connecting for some staff (full users) - I suspect, from talking to my team, that all that was required was a browser refresh so that's not an issue. However, after that I had one member of staff who found themselves set to 'Suspended' and could not sign in. As far as I can ascertain no-one had made this change manually, and we are not maxing out on licenses; is there a reason that this might have happened that I can look out for and hopefully prevent, or would it just be a glitch that is unlikely to happen again? I normally associated account suspensions with failed logins; but we use SSO so it wasn't a mistyped password. Link to comment Share on other sites More sharing options...
James Ainsworth Posted January 26, 2018 Share Posted January 26, 2018 Hi @DeadMeatGF My first thought would have been suspended due to failed logins. I'm not aware of anything else that would change this automatically. I'm afraid don't know enough about SAML to know if something can occur between the identity provider and Hornbill that would cause this while you were having this period of difficulty connecting. I will make sure that the team are aware to see if they can provide any further feedback. Regards, James Link to comment Share on other sites More sharing options...
Steve Giller Posted January 26, 2018 Author Share Posted January 26, 2018 Thanks @James Ainsworth Link to comment Share on other sites More sharing options...
Victor Posted January 26, 2018 Share Posted January 26, 2018 @DeadMeatGF there are system settings dictating user lockouts following multiple failed logins. These are the default values: It does not matter if SSO or Hornbill login, if the login procedure fails the number of times configured in "failedLoginAttempts" (for whatever reason) the user is suspended... Link to comment Share on other sites More sharing options...
Steve Giller Posted January 26, 2018 Author Share Posted January 26, 2018 I'm mainly intrigued by the mechanism that led to it - we had a number of users accessing the system at the time, but only one ended up suspended. If I can establish what triggered that setting I can either address the individual or the system as appropriate. For example, if it turns out that he got a pop-up asking him to refresh the browser (as a colleague in my office did) and he ignored it, and it turns out that was the cause I can address the user; if the system will always send multiple logon requests in this instance I can address that instead, either by increasing the threshold or by reducing the lockout duration as appropriate. Link to comment Share on other sites More sharing options...
Victor Posted January 26, 2018 Share Posted January 26, 2018 @DeadMeatGF did the issue occur around the time this happened? Link to comment Share on other sites More sharing options...
Steve Giller Posted January 26, 2018 Author Share Posted January 26, 2018 Yep, I believe that was the trigger for it. Link to comment Share on other sites More sharing options...
Victor Posted January 26, 2018 Share Posted January 26, 2018 @DeadMeatGF in each instance multiple services are running, the issue was caused by one of these services... so most likely the service responsible for logins was working but the one that returns data to this service was not... in effect, it meant that the login was failing purely because the service returning data was down.... nothing on your side... I am saying this because I don't think is anything you need to address, anything you can do... it was an unfortunate circumstance... Link to comment Share on other sites More sharing options...
Steve Giller Posted January 26, 2018 Author Share Posted January 26, 2018 That's disappointing - I do enjoy the opportunity to tell a user they've been doing something wrong ... 1 Link to comment Share on other sites More sharing options...
Victor Posted January 26, 2018 Share Posted January 26, 2018 @DeadMeatGF hmm... I don't see why this conversation would stop you doing this... they aren't monitoring this thread are they...? ... if you looking for suggestions, I can come up with something Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now