Defect #1572
closed
Logon attempts exceeded with SSO
Added by Vladimír Kotýnek about 5 years ago.
Updated about 3 years ago.
Category:
Authentication / Authorization
Description
version: 9.2
In my IDM environment I have SSO on and I have set unsuccessful logon attempts limit. I have Active Directory user kotynekv with a superAdmin role in IDM. Instead of using my "kotynekv" account I log in with the "admin" account. And after a while an e-mail messages starts to spam me:
Dobrý den,
pro vaše uživatelské jméno kotynekv byl překročen počet neúspěšných pokusů o přihlášení. Aktuální počet neúspěšných pokusů o přihlášení: 15
Zkuste se přihlásit znovu po 21.03.2019 13:22:38.
S pozdravem BCV Solutions s.r.o.
-------------------------------------------------------------------------------------
Hello,
for your username kotynekv has been exceeded the number of unsuccessful logon attempts. Current number of unsuccessful login attempts: 15
Try signing up after 21.03.2019 13:22:38.
Regards BCV Solutions Ltd.
I lock my regular account by using another account with SSO on.
- Category changed from Password policy to Authentication / Authorization
- Status changed from New to Closed
- Assignee changed from Ondřej Kopr to Radek Tomiška
- Target version set to 11.0.0
- % Done changed from 0 to 100
- Affected versions Morganite (9.2.0) added
I'm not able to reproduce this issue in current develop (combination of different remote sso user provided by header and different logged user).
I'm closing this obsolete ticket. We can open it again, if issue occurs and additional information for reporoducing will be provided.
Note: Authentication mechanism (#2506) and creating redundant tokens under sso (#2767) were improved in the meantime => combination of this two improvements propably solved it.
- Related to Task #2506: Authentication: Two factor authentication added
- Related to Defect #2767: SSO: Redundant token generated for public configuration endpoint, when SSO is enabled added
Also available in: Atom
PDF
