-
Type:
New Feature
-
Status: Closed
-
Priority:
Major
-
Resolution: Fixed
-
Affects Version/s: None
-
Fix Version/s: 3.3.0
-
Component/s: Authentication
-
Labels:
Create an authentication stage that will "lock out" a particular remote host (identified by IP) after a given number of authentication failures within a give period of time. Such a lock out would be authentication mechanism and SP agnostic.
This stage would require that a proxy sitting in front of the container running the IdP properly pass in the correct X-Forwarded information, but that's a requirement the IdP already has.
A group of clients that are aggregated by a proxy (e.g., "the AOL problem") would cause issues for this stage. As such, one configuration option probably needs to be a list of IP ranges to ignore.
- mentioned in
-
Page Loading...