[IDP-156] Create an authn lock-out stage - Shibboleth JIRA

XML

Word

Printable

Details

Type: New Feature
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 3.3.0
Component/s: Authentication
Labels:
- 3.3-plan

Description

Create an authentication stage that will "lock out" a particular remote host (identified by IP) after a given number of authentication failures within a give period of time. Such a lock out would be authentication mechanism and SP agnostic.

This stage would require that a proxy sitting in front of the container running the IdP properly pass in the correct X-Forwarded information, but that's a requirement the IdP already has.

A group of clients that are aggregated by a proxy (e.g., "the AOL problem") would cause issues for this stage. As such, one configuration option probably needs to be a list of IP ranges to ignore.

Attachments

Options
- Sort By Name
- Sort By Date
- Ascending
- Descending
- Download All

Attachments

Apache License 2.0.txt
12/Oct/16 12:06 PM
11 kB
cab@umn.edu
ldap-authn-config.xml.diff
10/Oct/16 3:38 PM
0.6 kB
cab@umn.edu
password-authn-beans.xml.diff
10/Oct/16 3:35 PM
2 kB
cab@umn.edu
Hide
shib-idpv3-contrib.zip
10/Oct/16 3:04 PM
9 kB
cab@umn.edu
Extracting archive...
Show
shib-idpv3-contrib.zip
10/Oct/16 3:04 PM
9 kB
cab@umn.edu

Issue Links

mentioned in: Page Loading...

Activity

People

Assignee:: Scott Cantor

Reporter:: Tom Zeller

Watchers:: 3 Start watching this issue

Dates

Created:: 02/Apr/12 10:34 AM

Updated:: 10/Nov/16 7:24 PM

Resolved:: 18/Oct/16 2:28 PM

Time Tracking

Estimated:

Remaining:

Logged:

2d 4h