What kind of blocking are you using? Are you disabling the account completely or just adding a time delay?
If you are disabling the account completely then perhaps you would have different behaviour if you just block for a limited time instead.
If you are already using the timed block then I guess what you are attempting may not be possible.
Jon.
------------------------------
Jon Harry
Consulting IT Security Specialist
IBM
------------------------------
Original Message:
Sent: Thu September 03, 2020 06:49 AM
From: Igor Vinogradov
Subject: Kerberos authentication on ISAM 9.0
Hi Jon,
We use two types of authentication simultaneously: Kerberos and forms. When a user blocks their account using the authentication form, they also cannot log in using the Kerberos Protocol, which will make it inconvenient for the user.
------------------------------
Igor Vinogradov
Original Message:
Sent: Thu September 03, 2020 06:05 AM
From: Jon Harry
Subject: Kerberos authentication on ISAM 9.0
Hi Igor,
If a user's Access Manager account is disabled (which is what I assume you mean by "blocked") then they will not be able to authenticate in any way.
What is your use-case? Perhaps there is another way it can be achieved.
Jon.
------------------------------
Jon Harry
Consulting IT Security Specialist
IBM
Original Message:
Sent: Thu September 03, 2020 05:56 AM
From: Igor Vinogradov
Subject: Kerberos authentication on ISAM 9.0
Hi, community!
If we have configured Kerberos authentication on ISAM 9.0, can I configure the ISAM so that if the Access manager account is blocked but Kerberos authentication is successful, WebSEAL processes the user's request and generates a session ?
------------------------------
Igor Vinogradov
------------------------------