Details
-
Type:
New Feature
-
Status: Closed
-
Priority:
Minor
-
Resolution: Fixed
-
Affects Version/s: None
-
Fix Version/s: 11.6-rc-1
-
Component/s: Authentication
-
Labels:None
-
Difficulty:Unknown
-
Documentation in Release Notes:
-
Similar issues:
Description
As mentioned in https://forum.xwiki.org/t/limit-number-of-login-attempts-until-user-gets-blocked/3432 it would be nice to have a feature to limit the number of failed logins in the standard xwiki authenticator. I am thinking of two properties like
login.max.failed.attempts=3
login.failed.timewindow=5 (minutes)
Where a user gets blocked if he fails to login 3 times within 5 minutes.
Attachments
Issue Links
- blocks
-
XWIKI-16532 Add an authentication failure strategy to block user
-
- Closed
-
- causes
-
XWIKI-18229 Authentication security administration title is not translatable
-
- Closed
-
- is related to
-
XWIKI-16762 Add a lifespan to the authentication failures data
-
- Open
-
- relates to
-
XWIKI-16776 Authentication configuration files are not hidden
-
- Closed
-
-
XWIKI-16763 Allow to reset an authentication failure record
-
- Open
-
-
XWIKI-16539 TestUtils#login should fail by default if the authentication failed
-
- Closed
-