Hello, This is by design:
cat releasenotes/notes/bug-1688137-e4203c9a728690a7.yaml

    ---
    fixes:
      - |
        [`bug 1688137 <https://bugs.launchpad.net/keystone/+bug/1688137>`_]
        Fixed the AccountLocked exception being shown to the end user since it
        provides some information that could be exploited by a malicious user.
        The end user will now see Unauthorized instead of AccountLocked,
        preventing user info oracle exploitation.

** Changed in: keystone
       Status: New => Invalid

--
https://bugs.launchpad.net/bugs/2049559

Title:
  Keystone implements "AccountLocked" but returns "Unauthorized"

Status in OpenStack Identity (keystone):
  Invalid

Bug description:
  We enabled [security_compliance] in our environment to follow security
  compliance and PCI-DSS requirements, and here is our configuration:

    [security_compliance]
    lockout_failure_attempts = 3
    lockout_duration = 60

  My account gets locked after 3 failed logins. When I then tried to log in
  again, I got 401 Unauthorized instead of AccountLocked, which is what we
  expected.

    {
      "error": {
        "code": 401,
        "message": "The request you have made requires authentication.",
        "title": "Unauthorized"
      }
    }
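
The behaviour the release note describes, as an added example that is not keystone's code and not part of the original message: a toy authenticator that tracks lockout server-side but returns the same 401 body for a locked account, a wrong password and an unknown user. The class, its fields and the sample user are assumptions; the two lockout values and the 401 body are the ones quoted in the report.

```python
import hmac
import time

LOCKOUT_FAILURE_ATTEMPTS = 3   # value from the report's [security_compliance]
LOCKOUT_DURATION = 60          # seconds, value from the report

UNAUTHORIZED = {"error": {"code": 401,
                          "message": "The request you have made requires authentication.",
                          "title": "Unauthorized"}}


class Authenticator:
    """Toy model (hypothetical, not keystone code): lockout state stays server-side."""

    def __init__(self, users, clock=time.monotonic):
        self.users = users        # name -> password (constructed sample data)
        self.clock = clock
        self.failures = {}        # name -> (failure count, time of last failure)
        self.audit_log = []       # operator-visible reasons, never sent to the client

    def _locked(self, name):
        count, last = self.failures.get(name, (0, 0.0))
        if count < LOCKOUT_FAILURE_ATTEMPTS:
            return False
        if self.clock() - last >= LOCKOUT_DURATION:
            self.failures.pop(name, None)   # lockout window has expired
            return False
        return True

    def authenticate(self, name, password):
        if name not in self.users:
            reason = "unknown user"
        elif self._locked(name):
            reason = "account locked"       # checked before the password is looked at
        elif not hmac.compare_digest(self.users[name].encode(), password.encode()):
            count, _ = self.failures.get(name, (0, 0.0))
            self.failures[name] = (count + 1, self.clock())
            reason = "bad password"
        else:
            self.failures.pop(name, None)
            return {"token": "constructed-placeholder"}
        self.audit_log.append((name, reason))
        return UNAUTHORIZED   # identical body for every failure cause: no oracle
```

The distinction the reporter expected to see in the response is still recorded, but only in the operator-side audit log.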