New users are locked out

MichaelA · November 9, 2019, 9:45pm

Hello,

I have a problem where some new users are locked out at creation, requiring captcha, but that doesn’t work with nginx. I tried changing from captcha to account disabling, but I can’t seem to enable them either.

I’m using standard form authentication, and it returns:
Erreur: Erreur interne

surli · November 11, 2019, 1:39pm

Hi @MichaelA

so if the users are asked for a CAPTCHA at login it means two things:

the security authentication is configured to use captcha (see https://extensions.xwiki.org/xwiki/bin/view/Extension/Authentication%20Security%20Module/)
the users typed wrong passwords several time, at least more than what’s allowed in the security authentication module

The easiest way to solve this, is just to disable the security authentication: don’t choose any strategy in the administration.

Now CAPTCHA are supposed to work with nginx.

surli · November 12, 2019, 1:56pm

Hi again,

so apparently this is not as easy as I thought We opened an issue to improve it (https://jira.xwiki.org/browse/XWIKI-16855), and to fix the CAPTCHA issue which apparently occurs in subwiki (https://jira.xwiki.org/browse/XWIKI-16856).

In the meantime, to disable this protection, you can set 0 to the max attempt configuration.