Shibboleth Developers

[Chad La Joie <>]

If this is important behavior why isn't your IdM system doing that?
What you describe is pretty much useless unless every single system is
doing it.  And if every system isn't doing it, and thus the feature
isn't effective, why would you want it in the IdP?

On Wed, Mar 23, 2011 at 13:11, Christopher Bongaarts 
<>
 wrote:
> Has anyone implemented an "attack lock" (X failed password attempts without
> a success in Y minutes locks out further attempts for Z minutes) for the
> IdP?
>
> If not, would the StorageService be a good place to keep the necessary
> state?
> --
> %%  Christopher A. Bongaarts   %% 
>  
>           %%
> %%  OIT - Identity Management  %%  http://umn.edu/~cab  %%
> %%  University of Minnesota    %%  +1 (612) 625-1809    %%
>



-- 
Chad La Joie
www.itumi.biz
trusted identities, delivered