/
Configuring reCaptcha for Single Sign-On

This site contains the documentation that is relevant to older WSO2 product versions and offerings.
For the latest WSO2 documentation, visit https://wso2.com/documentation/.

Configuring reCaptcha for Single Sign-On

Feb 28, 2019

This topic guides you through configuring reCAPTCHA for the single sign-on flow. By configuring reCAPTCHA, you can mitigate or block brute force attacks.

  1. Set up reCAPTCHA with WSO2 Identity Server. For instructions on how to do this and more information about reCAPTCHA, see Setting Up reCAPTCHA

  2. If you want to modify the filter mapping for reCAPTCHA: 

    1. Open the web.xml file in the <IS_HOME>/repository/conf/tomcat/carbon/WEB-INF directory.

    2. Locate the following filter and modify the relevant URL patterns if required. 

      <filter> <filter-name>CaptchaFilter</filter-name> <filter-class>org.wso2.carbon.identity.captcha.filter.CaptchaFilter</filter-class> </filter> <filter-mapping> <filter-name>CaptchaFilter</filter-name> <url-pattern>/samlsso</url-pattern> <url-pattern>/oauth2</url-pattern> <url-pattern>/commonauth</url-pattern> <dispatcher>FORWARD</dispatcher> <dispatcher>REQUEST</dispatcher> </filter-mapping>

  3. Start WSO2 Identity Server and sign in to the Management Console.

  4. On the Main tab, click Identity > Identity Providers > Resident.

  5. To configure captcha:

    1. Expand Login Policies > Captcha for SSO Login

    2. Provide the required data as given below. 

  6. To configure account locking: 

    1. Expand  Login Policies > Account Locking.

    2. Provide the required data as given below. 

  7. Click Update.
    You have successfully configured reCAPTCHA for SSO.

  8. Access the WSO2 Identity Server Dashboard.

  9. Attempt signing in as an administrator with an incorrect password for three times. The reCAPTCHA appears.