Multiple and repetitive login calls to custom security provider
kbt130936
Issue
When logging in with a custom security provider and providing an incorrect password, the login is attempted 3 times. In some cases this causes the end user's account to be locked.
Symptoms
With logging enabled on a custom security provider, logging in with an incorrect password shows multiple login attempts.
Resolution
This has been fixed in K2 Blackpearl 4.7 so that the login is attempted only once. The fix requires some configuration changes.
K2 Blackpearl\K2 Smartforms Runtime\Web.config:
In Web.config, look for the SecurityLabel.K2SQL.Methods setting:
<add key="ExcludedSecurityLabels" value="SP"/>
<!-- SecurityLabel Method number that should be tried (if applicable) when authenticating users with login.aspx page (Semi-colon separated list) -->
<!-- Method 1: // Integrated login where username and domain are specified separately. eg:denallix\bob => username:bob, domain: denallix -->
<!-- Method 2: // n/a -->
<!-- Method 3: // Integrated login where the username is specified and using the current domain. Tried when domain is not specified. eg:denallix\bob => username:bob, domain: {current domain} -->
<!-- Method 4: // n/a -->
<!-- Method 5: // Custom non-integrated login where username and domain are specified separately. eg:denallix\bob => username:bob, domain: denallix -->
<!-- Method 6: // Custom non-integrated login where the username is specified as domain\username. Tried when domain is specified. eg:denallix\bob => username:denallix\bob, domain: null -->
<!-- Method 7: // Custom non-integrated login where the username is specified and using the current domain. Tried when domain is not specified. eg:bob => username:bob, domain: {current domain} -->
<!-- Method 8: // Custom non-integrated login where the username is specified as 'domain\username' with using the current domain. Tried when domain is not specified. eg:denallix\bob => username:k2\bob, domain: null -->
<!--<add key="SecurityLabel.K2SQL.Methods" value="5;7" />-->
<add key="SODataProvider.DirectExecution" value="true"/>
Please make the following changes:
<!-- <add key="SecurityLabels" value="K2SQL"/>-->
to
<add key="SecurityLabels" value="{LABEL_NAME}"/>
to limit logins to the {LABEL_NAME} label only.
Also change
<!--<add key="SecurityLabel.K2SQL.Methods" value="5;7" />-->
to
<add key="SecurityLabel.{LABEL_NAME}.Methods" value="5" />
Make the same changes to the following 2 files:
K2 Blackpearl\K2 Smartforms Designer\Web.config
K2 Blackpearl\WebServices\Identity\Sts\Forms\Web.config
Perform an IISRESET and a K2 Blackpearl Service restart for the changes to take effect.
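One way to confirm the edit in each of the three Web.config files before restarting, as an added example (not K2 code): it reads the active appSettings entries, skips commented-out ones, and reports when SecurityLabels or SecurityLabel.{LABEL_NAME}.Methods is not set to one label and one method. The label name CUSTOM and the sample documents are constructed for illustration.

```python
import xml.etree.ElementTree as ET

def check_login_config(xml_text, label):
    """Return a list of problems found in one Web.config document (empty list = OK)."""
    root = ET.fromstring(xml_text)
    # Only active entries are seen: the XML parser drops <!-- ... --> comments,
    # so a key that is still commented out is reported as missing.
    settings = {e.get("key"): e.get("value", "")
                for e in root.iterfind("appSettings/add") if e.get("key")}
    problems = []

    labels = settings.get("SecurityLabels")
    if labels is None:
        problems.append("SecurityLabels is missing or still commented out")
    elif labels != label:
        problems.append(f"SecurityLabels is '{labels}', expected '{label}'")

    key = f"SecurityLabel.{label}.Methods"
    methods = settings.get(key)
    if methods is None:
        problems.append(f"{key} is missing or still commented out")
    else:
        listed = [m.strip() for m in methods.split(";") if m.strip()]
        if len(listed) != 1:
            problems.append(f"{key} lists {len(listed)} methods ({methods}); "
                            "the article configures exactly one")
    return problems

# Constructed sample documents (not copied from a real installation).
BEFORE = """<configuration><appSettings>
  <!-- <add key="SecurityLabels" value="K2SQL"/>-->
  <!--<add key="SecurityLabel.K2SQL.Methods" value="5;7" />-->
</appSettings></configuration>"""

AFTER = """<configuration><appSettings>
  <add key="SecurityLabels" value="CUSTOM"/>
  <add key="SecurityLabel.CUSTOM.Methods" value="5" />
</appSettings></configuration>"""

TWO_METHODS = AFTER.replace('value="5"', 'value="5;7"')

if __name__ == "__main__":
    for name, doc in (("before", BEFORE), ("after", AFTER), ("two methods", TWO_METHODS)):
        print(name, "->", check_login_config(doc, "CUSTOM") or "OK")
```

To check a real file, pass its contents as xml_text and the provider's label in place of CUSTOM.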