Skip to content

Login attempts

Secure user accounts from unauthorized access by configuring the login attempts policy in WSO2 Identity Server.

Configuration instructions

To manage login attempts settings, do the following:

  1. In the WSO2 Identity Server Console, go to Login & Registration > Login Security > Login Attempts.
  2. Adjust the settings according to your security requirements.
  3. Click Update to save the changes.

Login Attempts Configuration

Parameters

Parameter Description
Number of Consecutive Failed Login Attempts The count of consecutive incorrect login attempts before locking the account.
Account Lock Duration The time in minutes an account stays locked after reaching the failed attempt limit.
Account Lock Duration Increment Factor The rate at which the lock duration increases after successive lockouts.

Info

  • In the WSO2 Identity Server login pages, a generic error message is displayed by default to end-users in the event of login failures. To show more specific error messages on the login page, the following properties can be configured in the deployment.toml file, which is located in the <IS_HOME>/repository/conf directory.

Basic authenticator configurations:

    [authentication.authenticator.basic.parameters]
    showAuthFailureReason = true
    showAuthFailureReasonOnLoginPage = true

Email OTP authenticator configurations:

    [authentication.authenticator.email_otp.parameters]
    showAuthFailureReason = true
    showAuthFailureReasonOnLoginPage = true

TOTP authenticator configurations:

    [authentication.authenticator.totp.parameters]
    showAuthFailureReason = true
    showAuthFailureReasonOnLoginPage = true