shibboleth-dev - Re: [Shib-Dev] Account lockout
Subject: Shibboleth Developers
List archive
- From: Andrew Petro <>
- To:
- Subject: Re: [Shib-Dev] Account lockout
- Date: Wed, 23 Mar 2011 13:18:37 -0400
|
> Has anyone implemented an "attack lock" ... for the IdP?
I haven't. For what (little) it's worth, the Jasig CAS source code for implementing this use case is here: https://source.jasig.org/cas3/tags/cas-server-3.4.6/cas-server-core/src/main/java/org/jasig/cas/web/support/ InMemoryThrottledSubmissionByIpAddressAndUsernameHandlerInterceptorAdapter.java as concrete implementation e.g. Might be useful to anyone looking to implement nuances on this use case in Shibboleth IdP. Andrew On 03/23/2011 01:11 PM, Christopher Bongaarts wrote: Has anyone implemented an "attack lock" (X failed password attempts without a success in Y minutes locks out further attempts for Z minutes) for the IdP? |
- [Shib-Dev] Account lockout, Christopher Bongaarts, 03/23/2011
- Re: [Shib-Dev] Account lockout, Andrew Petro, 03/23/2011
- Re: [Shib-Dev] Account lockout, Chad La Joie, 03/23/2011
- Re: [Shib-Dev] Account lockout, Christopher Bongaarts, 03/23/2011
- RE: [Shib-Dev] Account lockout, Dergenski, Todd A., 03/24/2011
Archive powered by MHonArc 2.6.16.