6.2.2.2.3. Account Locking and Validity Attributes
Attribute Name (Examples)
Usage
Type
Ldap Connector
Ldap Token
List Persister
Ldap Pwd Self Service
Token Persister
isLocked
Flag telling whether the user is locked or not. Locked user cannot log in.
Boolean
O
lockDate
Date and time when the user was locked the last time. May be empty.
Timestamp
O
lockReason
Reason why the user is locked. May be empty. May be empty.
String
O
valid
Flag telling whether the user account is valid. Invalid accounts cannot be used for authentication. Defaults to true.
Boolean
O
notValidBefore
Date and time before which the user account is considered to be invalid. Invalid accounts cannot be used for authentication. Defaults to true.
Timestamp
O
notValidAfter
Date and time after which the user account is considered to be invalid. Invalid accounts cannot be used for authentication. Defaults to true.
Timestamp
O
failedLogins
Counts the number of failed login attempts since the latest successful login.
Integer
O
failedTokenCounts
Counts the number of failed attempts on authentication tokens
String
O
failedLoginsBeforeLatestSuccessfulLogin
Counts the number of failed login attempts reached before the latest successful login.
Integer
O
failedStepupAttempts
Counts the number of failed Step-Up attempts. 
Integer
R
= required by plugin
O
= may be used by plugin