Cleanup on user lock

Airlock IAM can clean up a user's current login status when the user is locked by an IAM service that supports user locking. This allows deleting OAuth 2.0 session tokens and Remember Me cookies, i.e., in case of a voluntary password change or if a user has been locked out for some other reason.

Note that when importing a configuration from IAM 8.0 or earlier, the cleanup is deactivated by default and should be activated manually, as described below in this article.

IAM services that can provide user locking:

  • AuthenticationStatusService
  • ClientFingerprintingLogoutAction
  • MaxFailedAttemptsImpl
  • LockCommonService
  • LockSelfServiceStep

There is currently no cleanup when users are locked during Transaction Approval.

Cleanup configuration

Remember-Me Settings

  1. Go to:
    Loginapp >> Applications and Authentication >> Remember-Me Settings
  2. In section Basic Settings, enable the property Remove Remember-Me Tokens On User Locked.

OAuth 2.0/OIDC Authorization Servers

  1. Go to:
    Loginapp >> OAuth 2.0/OIDC Authorization Servers
  2. For each OAuth 2.0/OIDC Authorization Server, enable the property Delete Tokens On User Locked in section Advanced Settings.