This topic guides you through configuring reCAPTCHA for the single sign-on flow. By configuring reCAPTCHA, you can mitigate or block brute force attacks.

Info
  • For more information on configuring single sign-on, ...

  1. Set up reCAPTCHA with the WSO2 Identity Server. For instructions on how to do this and more information about reCAPTCHA, see Setting Up ReCaptcha.
  2. Note: If you want to modify the filter mapping for reCAPTCHA:
    1. Open the web.xml file in the <IS_HOME>/repository/conf/tomcat/carbon/WEB-INF directory.
    2. Locate the following filter and modify the relevant URL patterns if required.

      ```xml
      <filter>
          <filter-name>CaptchaFilter</filter-name>
          <filter-class>org.wso2.carbon.identity.captcha.filter.CaptchaFilter</filter-class>
      </filter>

      <filter-mapping>
          <filter-name>CaptchaFilter</filter-name>
          <url-pattern>/samlsso</url-pattern>
          <url-pattern>/oauth2</url-pattern>
          <url-pattern>/commonauth</url-pattern>
          <dispatcher>FORWARD</dispatcher>
          <dispatcher>REQUEST</dispatcher>
      </filter-mapping>
      ```
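The filter mapping above is what keeps the captcha in front of the SSO endpoints, so a web.xml that drifts (an endpoint or a dispatcher dropped from the mapping) silently removes the protection. The following check is an added example, not WSO2 code: it parses a Tomcat web.xml, finds the CaptchaFilter declaration and its mappings, and reports any of the page's URL patterns or dispatchers that are no longer covered. The sample web.xml documents are constructed for the example; the filter name, class, URL patterns and dispatchers are the ones shown on this page.

```python
"""Check that a Tomcat web.xml keeps WSO2 IS's CaptchaFilter on the SSO endpoints.

Added example, not WSO2 code. It reads the <filter> and <filter-mapping>
elements shown above and lists what is missing, so a web.xml that drifted
(an endpoint or dispatcher dropped from the mapping) is caught in review.
"""
import xml.etree.ElementTree as ET

# Values taken from the filter mapping on this page; the rest of web.xml is constructed.
FILTER_NAME = "CaptchaFilter"
FILTER_CLASS = "org.wso2.carbon.identity.captcha.filter.CaptchaFilter"
EXPECTED_PATTERNS = {"/samlsso", "/oauth2", "/commonauth"}
EXPECTED_DISPATCHERS = {"FORWARD", "REQUEST"}


def _local(tag):
    """Strip a namespace prefix: '{http://java.sun.com/xml/ns/javaee}filter' -> 'filter'."""
    return tag.rsplit("}", 1)[-1]


def _child_texts(elem, name):
    """Text of every direct child called `name` (e.g. all <url-pattern> values)."""
    return {c.text.strip() for c in elem if _local(c.tag) == name and c.text}


def check_captcha_filter(web_xml_text):
    """Return patterns/dispatchers actually mapped to CaptchaFilter plus a list of problems.

    An empty 'problems' list means every expected endpoint is filtered on both
    FORWARD and REQUEST dispatches.
    """
    root = ET.fromstring(web_xml_text)
    problems = []

    filters = [e for e in root.iter() if _local(e.tag) == "filter"
               and FILTER_NAME in _child_texts(e, "filter-name")]
    if not filters:
        problems.append(f"no <filter> named {FILTER_NAME} is declared")
    elif FILTER_CLASS not in _child_texts(filters[0], "filter-class"):
        problems.append(f"{FILTER_NAME} is not backed by {FILTER_CLASS}")

    mappings = [e for e in root.iter() if _local(e.tag) == "filter-mapping"
                and FILTER_NAME in _child_texts(e, "filter-name")]
    patterns, dispatchers = set(), set()
    for m in mappings:
        patterns |= _child_texts(m, "url-pattern")
        dispatchers |= _child_texts(m, "dispatcher")

    for p in sorted(EXPECTED_PATTERNS - patterns):
        problems.append(f"url-pattern {p} is not covered by {FILTER_NAME}")
    for d in sorted(EXPECTED_DISPATCHERS - dispatchers):
        problems.append(f"dispatcher {d} is missing, so {d}-dispatched calls bypass the captcha")
    return {"patterns": patterns, "dispatchers": dispatchers, "problems": problems}


# Constructed sample: the page's filter block wrapped in a minimal namespaced <web-app>.
GOOD_WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="3.0">
  <filter>
    <filter-name>CaptchaFilter</filter-name>
    <filter-class>org.wso2.carbon.identity.captcha.filter.CaptchaFilter</filter-class>
  </filter>
  <filter-mapping>
    <filter-name>CaptchaFilter</filter-name>
    <url-pattern>/samlsso</url-pattern>
    <url-pattern>/oauth2</url-pattern>
    <url-pattern>/commonauth</url-pattern>
    <dispatcher>FORWARD</dispatcher>
    <dispatcher>REQUEST</dispatcher>
  </filter-mapping>
</web-app>
"""

# Constructed drift: /oauth2 and the REQUEST dispatcher were removed from the mapping.
DRIFTED_WEB_XML = (GOOD_WEB_XML
                   .replace("<url-pattern>/oauth2</url-pattern>", "")
                   .replace("<dispatcher>REQUEST</dispatcher>", ""))

if __name__ == "__main__":
    for label, text in (("good", GOOD_WEB_XML), ("drifted", DRIFTED_WEB_XML)):
        result = check_captcha_filter(text)
        print(label, "->", result["problems"] or "mapping intact")
```

Run it against the real file with `check_captcha_filter(open(path).read())`; the dispatcher check matters because /commonauth is typically reached by a FORWARD from the other endpoints, so a mapping that lists REQUEST only would leave that path unfiltered.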
  3. Start the WSO2 Identity Server and sign in to the Management Console.
  4. On the Main tab, click Identity > Identity Providers > Resident.
  5. To configure captcha:
    1. Expand Login Policies > Captcha for SSO Login.
    2. Provide the required data as given below.

      Field | Description | Sample Value
      Enable | This determines whether the captcha verification at SSO should be enabled or not. | Enable
      Max failed attempts | This defines the maximum number of failed attempts allowed without having to use the captcha. Note: This value should be less than the number of failed attempts configured for account locking in the account locking connector. | 3

  6. To configure account locking:

    Warning: This configuration ensures that the user account gets locked when an incorrect password is typed even after using the captcha.

    1. Expand Login Policies > Account Locking.
    2. Provide the required data as given below.

      Field | Description | Sample Value
      Account Lock Enabled | This determines whether the accounts should get locked for failed logins or not. | Enabled
      Maximum Failed Login Attempts | This defines the maximum number of failed attempts allowed. | 5
      Account Unlock Time | This defines the duration in minutes for which the account is locked. | 5
      Lock Timeout Increment Factor | This defines how the account unlock time should be increased for every subsequent account locking. | 2

  7. Click Update.
    You have successfully configured reCAPTCHA for SSO.

  8. Access the WSO2 Identity Server Dashboard.

  9. Attempt signing in as an administrator with an incorrect password three times. The reCAPTCHA appears.
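The two policies configured above work together: the captcha threshold decides when a client must solve reCAPTCHA, and the account-locking threshold decides when further attempts are refused regardless of the captcha. The page's note (captcha threshold lower than lock threshold) is easy to get wrong, so the following added example (not WSO2 code) models both policies with the page's sample values, validates that ordering, and walks a sequence of sign-in attempts to show where the captcha prompt and the lock occur. The geometric growth of the lock duration (unlock time multiplied by the increment factor for each earlier lock) is an assumption about how "increased for every subsequent account locking" is applied; the thresholds and sample values are from the tables above.

```python
"""Model how the two Login Policies on this page interact.

Added example, not WSO2 code. The page gives two thresholds: 'Max failed
attempts' under Captcha for SSO Login (captcha required after that many
failures) and 'Maximum Failed Login Attempts' under Account Locking (account
locked after that many failures, even if the captcha was solved). Lock duration
growth is modelled as unlock_time * increment_factor ** (previous locks), which
is an assumption about how "increased for every subsequent locking" is applied.
"""
from dataclasses import dataclass


@dataclass
class LoginPolicy:
    captcha_after: int     # Captcha for SSO Login -> Max failed attempts (page sample: 3)
    lock_after: int        # Account Locking -> Maximum Failed Login Attempts (page sample: 5)
    unlock_minutes: int    # Account Unlock Time (page sample: 5)
    increment_factor: int  # Lock Timeout Increment Factor (page sample: 2)

    def validate(self):
        """Apply the page's note: the captcha threshold must be below the lock threshold,
        otherwise the account locks before the captcha ever slows a password-guessing client."""
        problems = []
        if self.captcha_after >= self.lock_after:
            problems.append("captcha 'Max failed attempts' must be less than "
                            "'Maximum Failed Login Attempts' for account locking")
        if self.unlock_minutes <= 0:
            problems.append("Account Unlock Time must be positive")
        if self.increment_factor < 1:
            problems.append("Lock Timeout Increment Factor below 1 would shorten later locks")
        return problems


@dataclass
class AccountState:
    failed_attempts: int = 0  # consecutive failures since the last success or lock
    lock_count: int = 0       # how many times the account has been locked
    locked_minutes: int = 0   # remaining lock duration; 0 means unlocked


def lock_duration(policy, lock_count):
    """Minutes the account stays locked on its lock_count-th lock (assumed geometric growth)."""
    return policy.unlock_minutes * policy.increment_factor ** (lock_count - 1)


def attempt(policy, state, password_ok, captcha_solved):
    """Process one sign-in attempt and return its outcome label."""
    if state.locked_minutes > 0:
        return "LOCKED"                      # rejected before any credential check
    if state.failed_attempts >= policy.captcha_after and not captcha_solved:
        return "CAPTCHA_REQUIRED"            # the reCAPTCHA prompt the page describes
    if password_ok:
        state.failed_attempts = 0
        return "SUCCESS"
    state.failed_attempts += 1
    if state.failed_attempts >= policy.lock_after:
        state.lock_count += 1
        state.locked_minutes = lock_duration(policy, state.lock_count)
        state.failed_attempts = 0
        return "ACCOUNT_LOCKED"              # the Warning box: locks even after the captcha
    return "FAILED"


def simulate(policy, attempts):
    """Run a sequence of (password_ok, captcha_solved) attempts; return the outcomes."""
    state = AccountState()
    return [attempt(policy, state, ok, solved) for ok, solved in attempts]


# The page's sample values.
PAGE_POLICY = LoginPolicy(captcha_after=3, lock_after=5, unlock_minutes=5, increment_factor=2)

if __name__ == "__main__":
    print("policy problems:", PAGE_POLICY.validate() or "none")
    # Three wrong passwords, a fourth without the captcha, two wrong with it, then a correct one.
    trace = [(False, False)] * 4 + [(False, True)] * 2 + [(True, True)]
    for n, outcome in enumerate(simulate(PAGE_POLICY, trace), 1):
        print(f"attempt {n}: {outcome}")
    print("lock durations:", [lock_duration(PAGE_POLICY, k) for k in (1, 2, 3)])
```

With the page's values the fourth wrong password is refused until the captcha is solved, and the fifth wrong password locks the account for 5 minutes, then 10, then 20 on later locks. Swapping the thresholds (captcha at 5, lock at 5) makes `validate()` report the problem the page's note warns about, since the lock would fire before the captcha is ever shown.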