When developing a Custom Authentication Scheme that includes reCaptcha functionality, how can we get the bad password count for a user, in order to determine whether or not to present the captcha control?
Policy Server 12.8SP2 on RedHat 7;
Policy Server JDK 1.8.0_201 64bit;
Policy Store on CA Directory 14.1;
At first glance, out of the box, the custom code would need to read the password data from the "Password Data" value in the User Directory. Unfortunately, for security reasons, this value cannot be read outside the Policy Server, as reading it requires the Session Key (1).
Try utilizing SDK custom code and DmsApiSample.java (2)(3) to read it.
Another way is to use the SMTRYNO cookie, but it has a very limited scope (4).
Finally, when running Advanced Password Services (APS) on the Policy Server, the login failure count can be read more easily, as APS writes the login failure count in clear text in the LDAP User Attribute (5)(6).