Uploaded image for project: 'OpenAM'
  1. OpenAM
  2. OPENAM-11088

Recaptcha on login screen to unlock locked account

    Details

    • Type: New Feature
    • Status: Closed
    • Priority: Major
    • Resolution: Won't Fix
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: None
    • Labels:
    • Support Ticket IDs:

      Description

      Customer wants to be able to set a property on the realm that will force a user to complete a re-captcha if the XUI has indicated that the user account has been disabled. If the user completes the recaptcha successfully, the account will be unlocked and authentication will proceed.

      Customer have specifically asked that this is implemented on the first screen where user credentials are entered and not in a separate authN module, in keeping with login screens from Google/Microsoft etc.

      This would mitigate the risk of a DOS on customer accounts while still being able to lock an account out to protect from a dictionary/brute-force attack.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                Unassigned
                Reporter:
                simon.harding Simon Harding
              • Votes:
                0 Vote for this issue
                Watchers:
                3 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: