We're running a Policy Server and we'd like to get a way to show the
user in the browser the failed logins tentative amount before he or
she successfully logs in.
How can we do it ?
Policy Server 12.8SP3 on RedHat 7;
At first glance, the Advanced Password Services provides the data for
that. You have to customize then your web page or application to get
the data from the User Store. As customization, you might need to
engage our Services department for guidance.
Here the extract from documentation mentioning that :
"Note that if your site wishes to display failure count information on
a user's screen, you should use smapsFailuresSincePreviousLogin, since
the user just logged in and this value has been cleared."
And from the Policy Server bin/ folder, you'll find the APS.cfg files
which holds the full configuration of Advanced Password Services. You
might want to check the section :
For full documentation about this feature, we invite you to read the
following section :
Advanced Password Services Configuration
We invite you also to get in touch with our Services department to get
their experience in customizing the application with APS as some
restricted API are available throught them.
Application Programming Interface
Starting with Version 3.0, APS provides a true Application
Programming Interface (API). This interface does not provide a
generic interface to updating directories; rather, it provides
programmatic access to APS' password evaluation capabilities and
run-time authentication checking.
The API is "housed" in a library called APSAPI (under Windows,
APSAPI.DLL, and under Solaris, libAPSAPI.so). This library and the
required C/C++ language header file, are installed with APS on the
Policy Server under the SDK directory.
The API is supplied for C/C++ and COM only. If it must be called
from Java, it is up to the site to build a JNI interface to the API,
though a JNI interface may be provided with a future release. It is
not possible at this time to produce a native Java API, because the
APS API calls into the CA Single Sign-On Agent API, which is C/C++
only. Thus, a JNI call must be made at that point. The CA Single
Sign-On Agent API remains C/C++ only for security reasons.
CA Professional Services can be contracted to write programs that
use this API and can be contracted to help architect applications
that use it. However, we do not provide direct support for
customer-written programs that use the API. Since APS includes
utilities (such as SmCPW and APSAdmin) that call the API, the API
itself can be tested cleanly without using customer code. Failures
in customer code should be tested using a CA-supplied interface
before calling for support.
More, you'll find the libraries indicated above in the folder :
On linux :
Compiling & Linking
The APSAPI package includes a file called APSAPI.h, which contains
all of the function definitions for the API. This file must be
included in your source code in order to declare the functions. When
linking under Windows, you will need APSAPI.lib (also provided with
the APSAPI kit). This file contains information that the linker needs
to connect your program to APSAPI.DLL. Under Solaris, you can specify
libAPSAPI.so in your makefile for linking purposes.