This documentation is for WSO2 Identity Server 5.8.0 . View documentation for the latest release.

All docs This doc
||
Skip to end of metadata
Go to start of metadata
This topic guides you through configuring reCaptcha for the single sign on flow. By configuring reCaptcha, you can mitigate or block brute force attacks.



  1. Set up reCaptcha with the WSO2 Identity Server. For instructions on how to do this and more information about reCaptcha, see Setting Up ReCaptcha

    Note: To modify the filter mapping for reCaptcha, open the web.xml file located in the <IS_HOME>/repository/conf/tomcat/carbon/WEB-INF directory and find the following filter. You can modify the relevant URL patterns if required.

    <filter>
            <filter-name>CaptchaFilter</filter-name>
            <filter-class>org.wso2.carbon.identity.captcha.filter.CaptchaFilter</filter-class>
        </filter>
        <filter-mapping>
            <filter-name>CaptchaFilter</filter-name>
            <url-pattern>/samlsso</url-pattern>
            <url-pattern>/oauth2</url-pattern>
            <url-pattern>/commonauth</url-pattern>
            <dispatcher>FORWARD</dispatcher>
            <dispatcher>REQUEST</dispatcher>
        </filter-mapping>
  2. Start the WSO2 IS Server and login to the management console.
  3. Click Resident in the Identity Provider section and expand the Login Policies tab. Then, expand the Captcha for SSO Login tab. 
  4. Select Enable and enter a value for the Max failed attempts field. For example, if you enter 3, reCaptcha will be re-enabled after 3 failed attempts. 

    Note: This value should be less than the number of failed attempts configured in the account locking connector.

  5. You have now successfully configured reCaptcha for the single sign on flow. If the number of failed attempts reaches the maximum configured value, the following reCaptcha window appears.

    7.png

  • No labels