Uploaded image for project: 'XWiki Platform'
  1. XWiki Platform
  2. XWIKI-15488

Limit number of login attempts until user is asked for a captcha

          Details

          • Type: New Feature
          • Status: Closed
          • Priority: Minor
          • Resolution: Fixed
          • Affects Version/s: None
          • Fix Version/s: 11.6-rc-1
          • Component/s: Authentication
          • Labels:
            None
          • Difficulty:
            Unknown
          • Documentation:
          • Documentation in Release Notes:
          • Similar issues:

            Description

            As mentioned in https://forum.xwiki.org/t/limit-number-of-login-attempts-until-user-gets-blocked/3432 it would be nice to have a feature to limit the number of failed logins in the standard xwiki authenticator. I am thinking of two properties like

            login.max.failed.attempts=3

            login.failed.timewindow=5  (minutes)

            Where a user gets blocked if he fails to login 3 times within 5 minutes.

              Attachments

                Issue Links

                blocks

                Improvement - An improvement or enhancement to an existing feature or task. XWIKI-16532 Add an authentication failure strategy to block user

                • Major - Major loss of function.
                • Closed
                causes

                Bug - A problem which impairs or prevents the functions of the product. XWIKI-18229 Authentication security administration title is not translatable

                • Major - Major loss of function.
                • Closed
                is related to

                Improvement - An improvement or enhancement to an existing feature or task. XWIKI-16762 Add a lifespan to the authentication failures data

                • Major - Major loss of function.
                • Open
                relates to

                Bug - A problem which impairs or prevents the functions of the product. XWIKI-16776 Authentication configuration files are not hidden

                • Major - Major loss of function.
                • Closed

                Improvement - An improvement or enhancement to an existing feature or task. XWIKI-16763 Allow to reset an authentication failure record

                • Major - Major loss of function.
                • Open

                Improvement - An improvement or enhancement to an existing feature or task. XWIKI-16539 TestUtils#login should fail by default if the authentication failed

                • Major - Major loss of function.
                • Closed

                  Activity

                    People

                    • Assignee:
                      surli Simon Urli
                      Reporter:
                      mwe Matthias
                    • Votes:
                      1 Vote for this issue
                      Watchers:
                      4 Start watching this issue

                      Dates

                      • Created:
                        Updated:
                        Resolved:
                        Date of First Response: