Uploaded image for project: 'XWiki Platform'
  1. XWiki Platform
  2. XWIKI-15488

Limit number of login attempts until user is asked for a captcha

    XMLWordPrintable

Details

    • New Feature
    • Resolution: Fixed
    • Minor
    • 11.6-rc-1
    • None
    • Authentication
    • None
    • Unknown

    Description

      As mentioned in https://forum.xwiki.org/t/limit-number-of-login-attempts-until-user-gets-blocked/3432 it would be nice to have a feature to limit the number of failed logins in the standard xwiki authenticator. I am thinking of two properties like

      login.max.failed.attempts=3

      login.failed.timewindow=5  (minutes)

      Where a user gets blocked if he fails to login 3 times within 5 minutes.

      Attachments

        Issue Links

          blocks

          Improvement - An improvement or enhancement to an existing feature or task. XWIKI-16532 Add an authentication failure strategy to block user

          • Major - Major loss of function.
          • Closed
          causes

          Bug - A problem which impairs or prevents the functions of the product. XWIKI-18229 Authentication security administration title is not translatable

          • Major - Major loss of function.
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. XWIKI-19024 DefaultAuthenticationFailureManager#getMaxTime will fail for time window bigger than 25 days

          • Major - Major loss of function.
          • Closed
          is related to

          Improvement - An improvement or enhancement to an existing feature or task. XWIKI-16762 Add a lifespan to the authentication failures data

          • Major - Major loss of function.
          • Open
          relates to

          Bug - A problem which impairs or prevents the functions of the product. XWIKI-18133 Cannot login after disabling the authentication security mechanism

          • Blocker - Blocks development and/or testing work, production could not run.
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. XWIKI-16776 Authentication configuration files are not hidden

          • Major - Major loss of function.
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. XWIKI-18267 security-authentication-api is using a bad package name.

          • Major - Major loss of function.
          • Closed

          Improvement - An improvement or enhancement to an existing feature or task. XWIKI-16763 Allow to reset an authentication failure record

          • Major - Major loss of function.
          • Open

          Improvement - An improvement or enhancement to an existing feature or task. XWIKI-16539 TestUtils#login should fail by default if the authentication failed

          • Major - Major loss of function.
          • Closed

          Activity

            People

              surli Simon Urli
              mwe Matthias
              Votes:
              1 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: