| 摘要 |
Different types of soft-lockout policies can be associated with different organizations (or groups) in an identity management system. Each soft-lockout policy can indicate different parameters such as a number of login attempts allowed and an amount of time that a user account will be locked-out if the maximum allowed attempts are exceeded unsuccessfully. Users can be associated with the different organizations. For each user, the soft-lockout policies for the organization with which that user is associated are applied to that user when that user attempts to log in. Thus, different groups of users can be handled with different security behaviors regarding unsuccessful login attempts. If, for example, a user were to become moved from one organization to another, then the soft-lockout policies associated with the user's new organization would become applicable to that user. |
| 主权项 |
1. A method comprising:
exposing, to a first client application, a first invocable method for performing a first type of operation relative to account state information stored in a repository; detecting a first invocation of the first invocable method by the first client application; determining, based on the first invocation, a first repository in which first account state information pertaining to a first account is stored; determining, by the first invocable method, based on first metadata, a first repository type of the first repository, wherein the first metadata maps the first account to the first repository, and the first metadata maps the first repository to the first repository type; in response to determining, based on mappings within the first metadata, that the first account is maintained within the first repository that is of the first repository type, executing first code, contained within the first invocable method, that performs the first type of operation relative to the first account state information pertaining to the first account stored in the first repository; based on a second invocation of the first invocable method by the first client application, determining, by the first invocable method, using second metadata, a second repository type of a second repository in which second account state information pertaining to a second account is stored, wherein the second metadata maps the second account to the second repository, and the second metadata maps the second repository to the second repository type, and wherein the second repository type differs from the first repository type; and based on determining that the second account is maintained within the second repository, executing second code, contained within the first invocable method, that performs the first type of operation relative to the second account state information pertaining to the second account stored in the second repository of the second repository type, wherein the second code differs from the first code. |
