Help Center/ Identity and Access Management/ API Reference/ API/ Security Settings/ Modifying the Login Authentication Policy
Updated on 2024-11-18 GMT+08:00

Modifying the Login Authentication Policy

Function

This API is provided for the administrator to modify the login authentication policy.

The API can be called using both the global endpoint and region-specific endpoints. For IAM endpoints, see Regions and Endpoints.

Debugging

You can debug this API in API Explorer.

URI

PUT /v3.0/OS-SECURITYPOLICY/domains/{domain_id}/login-policy

Table 1 URI parameters

Parameter

Mandatory

Type

Description

domain_id

Yes

String

Account ID. For details about how to obtain the account ID, see Obtaining Account, IAM User, Group, Project, Region, and Agency Information.

Request Parameters

Table 2 Parameters in the request header

Parameter

Mandatory

Type

Description

X-Auth-Token

Yes

String

Access token issued to a user to bear its identity and permissions.

For details about the permissions required by the token, see Actions.

Table 3 Parameter in the request body

Parameter

Mandatory

Type

Description

login_policy

Yes

object

Login authentication policy.

Table 4 login_policy

Parameter

Mandatory

Type

Description

account_validity_period

No

Integer

Validity period (days) to disable users if they have not logged in within the period. Value range: 0–240

custom_info_for_login

No

String

Custom information that will be displayed upon successful login.

lockout_duration

No

Integer

Account lockout duration (minutes). Value range: 15–30.

login_failed_times

No

Integer

The maximum number of unsuccessful login attempts to lock users out within a specific period. Value range: 3–10

period_with_login_failures

No

Integer

Period (minutes) to count the number of unsuccessful login attempts. Value range: 15–60.

session_timeout

No

Integer

Session timeout (minutes) that will apply if you or users created using your account do not perform any operations within a specific period. Value range: 15–1440

show_recent_login_info

No

Boolean

Indicates whether to display last login information upon successful login. The value can be true or false.

Response Parameters

Table 5 Parameters in the response body

Parameter

Type

Description

login_policy

object

Login authentication policy.

Table 6 login_policy

Parameter

Type

Description

account_validity_period

Integer

Validity period (days) to disable users if they have not logged in within the period.

custom_info_for_login

String

Custom information that will be displayed upon successful login.

lockout_duration

Integer

Account lockout duration (minutes).

login_failed_times

Integer

The maximum number of login failures within a specified period.

period_with_login_failures

Integer

Period (minutes) to count the number of unsuccessful login attempts.

session_timeout

Integer

Session timeout (minutes) that will apply if you or users created using your account do not perform any operations within a specific period.

show_recent_login_info

Boolean

Indicates whether to display last login information upon successful login.

Example Request

Request for modifying the login authentication policy to the following: The period to count the number of unsuccessful login attempts is 15 minutes, an account that has not been logged in within 99 days will be locked out, the number of login failures within the login duration is 3, the login session expiration time is 16 minutes, and the last login information needs to be displayed.

PUT https://iam.myhuaweicloud.com/v3.0/OS-SECURITYPOLICY/domains/{domain_id}/login-policy 
 
{ 
  "login_policy" : { 
    "custom_info_for_login" : "", 
    "period_with_login_failures" : 15, 
    "lockout_duration" : 15, 
    "account_validity_period" : 99, 
    "login_failed_times" : 3, 
    "session_timeout" : 16, 
    "show_recent_login_info" : true 
  } 
}

Example Response

Status code: 200

The request is successful.

{ 
  "login_policy" : { 
    "custom_info_for_login" : "", 
    "period_with_login_failures" : 15, 
    "lockout_duration" : 15, 
    "account_validity_period" : 99, 
    "login_failed_times" : 3, 
    "session_timeout" : 16, 
    "show_recent_login_info" : true 
  } 
}

Status code: 400

The request body is abnormal.

  • Example 1
{ 
   "error_msg" : "'%(key)s' is a required property.", 
   "error_code" : "IAM.0072" 
 }
  • Example 2
{ 
   "error_msg" : "Invalid input for field '%(key)s'. The value is '%(value)s'.", 
   "error_code" : "IAM.0073" 
 }

Status code: 403

Access denied.

{ 
  "error_msg" : "You are not authorized to perform the requested action.", 
  "error_code" : "IAM.0002" 
}

Status code: 500

The system is abnormal.

{ 
  "error_msg" : "An unexpected error prevented the server from fulfilling your request.", 
  "error_code" : "IAM.0006" 
}

Status Codes

Status Code

Description

200

The request is successful.

400

The request body is abnormal.

401

Authentication failed.

403

Access denied.

500

The system is abnormal.

Error Codes

For details, see Error Codes.