Blocking Authenticator - UI

Version 4.1 by Clemens Robbenhaar on 2019/08/21 18:20

cogUI for the blocking authenticator to configure blocking criteria and manage blocked users
TypeXAR
Category
Developed by

Clemens Robbenhaar

Rating
0 Votes
LicenseGNU Lesser General Public License 2.1

Installable with the Extension Manager

Description

This extension implements something similar to the "Authentication Security Module" introduced in XWiki 11.6. If you use a XWiki 11.6 or newer, you are unlikely to need this extension; it is meant to be helpful if you are running the LTS version of XWiki, which is 10.x when the initial version of this extension has been released.

This extension adds an authenticator to your wiki that temporarily blocks users and IPs after a configured number of login failures are recorded for that login or IP. It also adds a section to the XWiki Administration where you can configure the number of failed logins to trigger the blockage and the duration of the blockage, and where you can view and selectively unblock users and IPs.

If you have a wiki that has been in use for a long time, so that it still has the user named "Admin" as predefined adminstrative user, please set up another user with administrative privileges and a less conspicuous name. Otherwise this extension might lock you out from your admin account until you restart the wiki every time someone tries to guess the "Admin"-password.

(Screenshots are following soon.)

Prerequisites & Installation Instructions

We recommend using the Extension Manager to install this extension (Make sure that the text "Installable with the Extension Manager" is displayed at the top right location on this page to know if this extension can be installed with the Extension Manager). Note that installing Extensions when being offline is currently not supported and you'd need to use some complex manual method.

You can also use the following manual method, which is useful if this extension cannot be installed with the Extension Manager or if you're using an old version of XWiki that doesn't have the Extension Manager:

  1. Log in the wiki with a user having Administration rights
  2. Go to the Administration page and select the Import category
  3. Follow the on-screen instructions to upload the downloaded XAR
  4. Click on the uploaded XAR and follow the instructions
  5. You'll also need to install all dependent Extensions that are not already installed in your wiki

After you have installed the extension, the authenticator needs to be enabled. 

This needs to be done on the file system in the configuration file xwiki.cfg; please set:

xwiki.authentication.authclass=org.xwiki.contrib.authentication.blocking.internal.BlockingAuthServiceImpl 

Afterwards you need to restart the XWiki server to makes these changes effective.

Dependencies

Dependencies for this extension (org.xwiki.contrib.authentication:authenticator-blocking-ui 1.0):

    

Get Connected