Crowd 2.5.3: Block user for a period of time after failed authentication attempts

I was wondering if there is a build-in function to block an user from logging in for an hour after failing to provide a correct password several times in a row. If not, is this possible to build with a plug-in and could someone provide any directions on how to achieve this?

Thanks in forward!

1 answer

1 accepted

2 votes
Answer accepted
Bruno Vincent Community Champion Nov 16, 2017

Well, it depends on your backend directory type.

Internal directories have a Maximum Invalid Password Attempts option but as far as I know there is no way to automatically unlock users after a certain duration. You could actually build a plugin for this, or a simpler option would be to run a cron script every hour (you can use Crowd REST API for this)

LDAP directories usually provide the required feature. For instance in Red Hat Directory Server, you will need to configure an account lockout policy and set the lockout duration. Active Directory also has an account lockout duration parameter in its Account Lockout Settings.

Suggest an answer

Log in or Sign up to answer
Community showcase
Published Wednesday in Opsgenie

Getting the Most out of Atlassian and Opsgenie Together

We’re excited to invite you to this action-packed webinar where we will demonstrate how to integrate Opsgenie’s powerful alerting and on-call management tools with your entire Atlassian stack. Mar...

44 views 0 0
Read article

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you