Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[gateway][idp][auth] handle login attempt failure when the IDP is configure to accept several username input #7797

Closed
Tracked by #7820
remisultan opened this issue Jun 3, 2022 · 0 comments
Closed
Tracked by #7820

[gateway][idp][auth] handle login attempt failure when the IDP is configure to accept several username input #7797

remisultan opened this issue Jun 3, 2022 · 0 comments
Assignees
@remisultan
Labels
project: AM type: bug
Milestone
AM - 3.17.2

Comments

@remisultan
Copy link

💥 Describe the bug

When an IDP is configured to accept multiple username input (aliases) (email / username) the login attempt won't be initialised for the other username but only the one that AM considers aliases.

image

🌄 To Reproduce

Steps to reproduce the behaviour:

  1. Configure Brute Force Detection
  2. Fail to login with a user with already existing username but use an alias (e.g username = john.doe, email=john.doe@unknown.com) as many times as needed to activate brute force detection
  3. Notice the user was not blocked

🌈 Expected behaviour

The user considering many of their aliases should be blocked

Current behaviour

The user considering many of their aliases is not blocked
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@remisultan remisultan

Labels
project: AM type: bug
Projects
None yet
Milestone
AM - 3.17.2
Development

No branches or pull requests
3 participants
@remisultan @apoddany @omatthewsgravitee