Darran Lofthouse commented on ELY-297:
--------------------------------------
We need to consider some general 'defense' capabilities to support when using
Elytron backed authentication. At the same time we need to ensure those measures
don't become an opportunity for denial of service. Either way, moved to Elytron as
this is probably the correct place to consider this now.
Account Lockout
---------------
Key: ELY-297
URL:
https://issues.jboss.org/browse/ELY-297
Project: WildFly Elytron
Issue Type: Task
Components: HTTP, Realms, SASL
Reporter: Darran Lofthouse
Assignee: Darran Lofthouse
Labels: Common_Authentication, Realm_Management, management_security,
One issue to consider is that we are using realms to integrate with existing user stores
so may not be able to update the remote store: -
- Consider an option to update the remote store if possible.
- If not, cache a blacklisted user until an admin unlocks that account
Before being implemented this feature will require further discussion; in addition to
locking, mechanisms for unlocking should also be considered, and also the potential for
denial of service type attacks based on locking out the administrators.
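As an added illustration of the two options raised in the description (update the backing store when it is writable, otherwise keep a local cache of blacklisted users until an administrator unlocks them) and of the denial-of-service concern, here is a small lockout state machine. This is example code written for this page, not WildFly Elytron code and not an Elytron API: the two user-store classes are constructed stand-ins, the failure threshold and the 60-second figure are arbitrary, and the choice to give administrator accounts a time-bounded lock instead of an indefinite one is one possible mitigation for "locking out the administrators", not a decision recorded in the issue.

```python
"""Account lockout with a local blacklist cache and a writable-store option.

Example only; not WildFly Elytron code. Store classes are constructed stand-ins.
"""
import time
from typing import Callable, Dict, Optional, Set


class LocalUserStore:
    """Stand-in for a user store the realm is allowed to update (assumption)."""
    supports_lock = True

    def __init__(self) -> None:
        self._locked: Set[str] = set()

    def lock(self, user: str) -> None:
        self._locked.add(user)

    def unlock(self, user: str) -> None:
        self._locked.discard(user)

    def is_locked(self, user: str) -> bool:
        return user in self._locked


class ReadOnlyUserStore:
    """Stand-in for a remote store (e.g. an external directory) the realm cannot modify."""
    supports_lock = False

    def is_locked(self, user: str) -> bool:
        return False  # the remote store knows nothing about lockouts we decided on


class ManualClock:
    """Clock advanced explicitly so the example runs deterministically (for demo/tests)."""
    def __init__(self, start: float = 0.0) -> None:
        self.now = start

    def __call__(self) -> float:
        return self.now

    def advance(self, seconds: float) -> None:
        self.now += seconds


class LockoutTracker:
    def __init__(self, store, admin_users: Set[str], max_failures: int = 5,
                 admin_lock_seconds: float = 60.0,
                 clock: Callable[[], float] = time.monotonic) -> None:
        self.store = store
        self.admin_users = set(admin_users)
        self.max_failures = max_failures            # arbitrary threshold (assumption)
        self.admin_lock_seconds = admin_lock_seconds  # arbitrary duration (assumption)
        self.clock = clock
        self.failures: Dict[str, int] = {}
        # user -> expiry time; None means "locked until an admin unlocks the account"
        self.local_locks: Dict[str, Optional[float]] = {}

    def is_locked(self, user: str) -> bool:
        if self.store.is_locked(user):
            return True
        if user not in self.local_locks:
            return False
        expiry = self.local_locks[user]
        if expiry is not None and self.clock() >= expiry:
            del self.local_locks[user]  # temporary lock has expired
            return False
        return True

    def attempt(self, user: str, credential_ok: bool) -> str:
        """Outcome of one login attempt: 'locked', 'ok' or 'failed'.

        The credential is not consulted while the account is locked, so a
        locked account cannot be used as a password oracle.
        """
        if self.is_locked(user):
            return "locked"
        if credential_ok:
            self.failures.pop(user, None)
            return "ok"
        count = self.failures.get(user, 0) + 1
        self.failures[user] = count
        if count >= self.max_failures:
            self._lock(user)
            return "locked"
        return "failed"

    def _lock(self, user: str) -> None:
        self.failures.pop(user, None)
        if user in self.admin_users:
            # DoS mitigation: an attacker can only lock an admin out temporarily
            self.local_locks[user] = self.clock() + self.admin_lock_seconds
        elif self.store.supports_lock:
            self.store.lock(user)          # option 1: update the backing store
        else:
            self.local_locks[user] = None  # option 2: cache until an admin unlocks

    def admin_unlock(self, user: str) -> None:
        self.local_locks.pop(user, None)
        self.failures.pop(user, None)
        if self.store.supports_lock:
            self.store.unlock(user)
```

With a read-only store the lock lives only in the tracker's cache, so it is lost on restart and must be cleared through `admin_unlock`; with a writable store the lock is recorded in the store and the cache stays empty. Administrator accounts are never locked indefinitely, which bounds the damage of an attacker deliberately burning their failure budget; any such scheme still needs the unlocking workflow the issue calls for.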