Settings
Login Attempts
The login attempt functionality is a security mechanism for limiting and managing unsuccessful login attempts within the Industrial Edge Device. It enables administrators to enforce a configurable limit on the number of consecutive invalid access attempts and to deny access for a specified period of time when this limit is reached.
This is enforced through the following setting values:
| Settings name | Description | Default Value |
|---|---|---|
| loginResetTime | Time period after which the failed attempts are reset | 15m |
| loginBlockingTime | Time period after which the user is unblocked | 15m |
| noOfAttempts | The number of incorrect attempts before the user is blocked by the system | 5 |
| loginAttemptFunctionalityEnabled | The functionality can be turned on or off with this value | true |
Error Messages/Codes
Users are allowed a specific number of login attempts, which is set to 5 by default. If a user exceeds this limit, they will encounter the edge.login.invalidLoginCredentials error. The counter will reset either after a successful login attempt or if no invalid attempts are made within the loginResetTime period (15 minutes).
NOTICE
In previous API versions, the error edge.login.invalidLoginCredentialWithRetries was sent, which contained the number of remaining attempts. This was removed because as little security-relevant data as possible should be sent to a potential attacker.
After the user is blocked, they will receive the edge.login.maxAttemptExceeded error.
| Error code | Description |
|---|---|
| edge.login.invalidLoginCredentials | Invalid credentials, retry. |
| edge.login.invalidLoginCredentialWithRetries | Invalid credentials. Try again. Login retries left: {} |
| edge.login.maxAttemptExceeded | You have exceeded the maximum number of login attempts. Your account is temporarily blocked. For detailed information please contact your device admin. |
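The lockout behaviour described above can be modelled as a small per-user state machine. This is an added example, not Industrial Edge code: the class and function names and the use of seconds for durations are illustrative. It also assumes that the attempt that reaches noOfAttempts still returns edge.login.invalidLoginCredentials, that correct credentials are refused while blocked, and that an unblock clears the counter.

```python
from dataclasses import dataclass

@dataclass
class LoginAttemptSettings:
    # Names and defaults from the settings table; durations in seconds (15m = 900).
    loginResetTime: int = 900
    loginBlockingTime: int = 900
    noOfAttempts: int = 5
    loginAttemptFunctionalityEnabled: bool = True

INVALID = "edge.login.invalidLoginCredentials"
BLOCKED = "edge.login.maxAttemptExceeded"

class LoginAttemptTracker:
    """Model of the documented lockout behaviour for one user (not device code)."""

    def __init__(self, settings=None):
        self.s = settings or LoginAttemptSettings()
        self.unblock()

    def unblock(self):
        # Assumed effect of an admin unblock or an expired block: clean state.
        self.failed, self.last_failure, self.blocked_until = 0, None, None

    def attempt(self, now, credentials_ok):
        """Return None on success, otherwise the error code sent to the client."""
        if not self.s.loginAttemptFunctionalityEnabled:
            return None if credentials_ok else INVALID
        if self.blocked_until is not None:
            if now < self.blocked_until:
                return BLOCKED  # assumption: even correct credentials are refused
            self.unblock()  # loginBlockingTime has elapsed
        # No invalid attempt within loginResetTime: the counter starts over.
        if self.last_failure is not None and now - self.last_failure >= self.s.loginResetTime:
            self.failed = 0
        if credentials_ok:
            self.unblock()  # a successful login resets the counter
            return None
        self.failed += 1
        self.last_failure = now
        if self.failed >= self.s.noOfAttempts:
            self.blocked_until = now + self.s.loginBlockingTime
        return INVALID  # same code for every failure, no remaining-attempts count

def replay(events, settings=None):
    """Run constructed (time_in_seconds, credentials_ok) events through the model."""
    tracker = LoginAttemptTracker(settings)
    return [tracker.attempt(t, ok) for t, ok in events]
```

Replaying a constructed sequence of timestamps through `replay` shows how a given combination of loginResetTime, loginBlockingTime and noOfAttempts treats a slow guessing pattern compared with a burst.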
Configuration
Early Access
This API is in Early Access and subject to change.
The device admin is able to configure the functionality through the /settings/login-attempts endpoint. Further details are described in the API section.
Unblock a user
Early Access
This API is in Early Access and subject to change.
A blocked user can be unblocked by an admin user with the /user/{userId}/unblock endpoint.