Task #1063

closed

Block login after X unsuccessful login attempts

Added by Ondřej Kopr over 6 years ago. Updated over 6 years ago.

Status: Closed
Priority: Normal
Assignee: Ondřej Kopr
Category: Password
Target version:
Start date: 04/09/2018
Due date:
% Done: 100%
Estimated time:
Owner:

Description

Block login after X unsuccessful login attempts; login will be blocked for X seconds.

Actions #1

Updated by Ondřej Kopr over 6 years ago

  • Status changed from New to In Progress

The default IdM behavior with the IdmPassword entity will be changed => identities from synchronization don't have a password for IdM; these identities are almost always authenticated over another end system. After an unsuccessful authentication attempt on this system, the unsuccessful attempts in IdM aren't incremented (IdmPassword doesn't exist).

The new behavior will be: when an identity tries to authenticate (over IdM/end system), CzechIdM checks whether IdmPassword exists and creates it.

Actions #2

Updated by Ondřej Kopr over 6 years ago

  • % Done changed from 0 to 80

I added new behavior for blocking login after unsuccessful attempts. Login is now blocked for Y seconds after X unsuccessful attempts. The block time is checked before the authentication chain starts. Blocking login is possible for all identities (including administrators). After a block, a new notification about the blocked login is sent with the unblock date.

Commit: https://github.com/bcvsolutions/CzechIdMng/commit/c57f551bda7b3b64a11588209108d835cdbc274f (develop)

Missing documentation + update ER diagram

Actions #3

Updated by Ondřej Kopr over 6 years ago

The diagram was updated; the wiki doesn't work for now, I will add documentation after the wiki is OK.

Commit: https://github.com/bcvsolutions/CzechIdMng/commit/fcf9f4ddcf047475384e243876da1cd81f1f23ca

Actions #4

Updated by Ondřej Kopr over 6 years ago

  • Status changed from In Progress to Needs feedback
  • Assignee changed from Ondřej Kopr to Vít Švanda
  • % Done changed from 80 to 90

Documentation: https://wiki.czechidm.com/tutorial/adm/block_user_unsuccessful_login_attemps

Now the ticket is finally complete. Vitek, could you please do a proper review? I will show you the functionality.

Actions #5

Updated by Vít Švanda over 6 years ago

  • Status changed from Needs feedback to Resolved
  • Assignee changed from Vít Švanda to Ondřej Kopr
  • % Done changed from 90 to 100

I did the test and review. Works fine.

I made some improvements:
- Modified the condition for testing max attempts (=< vs <).
- Email notification - added and used a new DateTimeSecound format (extended ConfigurationService).
- Added a check that the block time exists if the max attempts attribute is defined.
- Modified some methods, tests.

- Documentation is pretty.

Thanks for that!

Actions #6

Updated by Ondřej Kopr over 6 years ago

  • Status changed from Resolved to Closed
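
The lockout behavior discussed in this ticket, as an added example that is not CzechIdM code and not part of any comment above. `LoginGuard`, `PasswordRecord` and the return strings are hypothetical names; it assumes an in-memory store, that the block starts on the X-th failure, and that the counter resets on success and after a block.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from typing import Callable, Dict, Optional


def _utc_now() -> datetime:
    return datetime.now(timezone.utc)


@dataclass
class PasswordRecord:  # hypothetical stand-in for a per-identity password record
    failed_attempts: int = 0
    block_until: Optional[datetime] = None


@dataclass
class LoginGuard:  # hypothetical name, in-memory store
    max_attempts: int                          # X
    block_seconds: int                         # Y
    authenticate: Callable[[str, str], bool]   # the authentication chain
    notify: Callable[[str, datetime], None]    # receives identity and unblock date
    now: Callable[[], datetime] = _utc_now
    records: Dict[str, PasswordRecord] = field(default_factory=dict)

    def login(self, username: str, password: str) -> str:
        # Assumes username is a known identity. The record is created on the
        # first attempt, so identities without a local password are counted too.
        rec = self.records.setdefault(username, PasswordRecord())
        now = self.now()
        # Block check runs before the authentication chain, for every identity
        # (no administrator exemption); a correct password does not lift it.
        if rec.block_until is not None and now < rec.block_until:
            return "blocked"
        if self.authenticate(username, password):
            rec.failed_attempts, rec.block_until = 0, None  # assumption: reset on success
            return "ok"
        rec.failed_attempts += 1
        # Boundary (assumption): >= blocks on the X-th failure, > would allow X + 1.
        if rec.failed_attempts >= self.max_attempts:
            rec.block_until = now + timedelta(seconds=self.block_seconds)
            rec.failed_attempts = 0  # assumption: counting restarts after a block
            self.notify(username, rec.block_until)
            return "blocked"
        return "failed"
```

Passing a fixed `now` callable makes the boundary cases (the X-th failure, the exact second the block expires) reproducible in unit tests.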