Logins and passwords

Number of password verifications

You can limit the number of simultaneous password authentications for the same user login within a period of time. By default, Blitz Identity Provider allows no more than 3 authentications for the same login within 600 ms. To change the defaults, add the following block to the blitz.prod.local.idp.login.methods.password section of the blitz.conf configuration file:

"throughput": {
  "limit": 3,
  "window": 600
}
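
The following Python model is an added illustration, not Blitz Identity Provider code. It assumes a per-login sliding window in which only admitted checks count, and the class and function names are hypothetical. It shows how limit 3 / window 600 treats a burst on one login and what hourly ceiling those values imply.

```python
from collections import defaultdict, deque


class LoginThroughput:
    """Assumed model: at most `limit` admitted checks per login per `window` ms."""

    def __init__(self, limit=3, window=600):
        self.limit = limit
        self.window = window
        self._admitted = defaultdict(deque)  # login -> times (ms) of admitted checks

    def allow(self, login, now_ms):
        times = self._admitted[login]
        # Drop admitted checks that have aged out of the window.
        while times and now_ms - times[0] >= self.window:
            times.popleft()
        if len(times) >= self.limit:
            return False  # budget for this login is used up: throttle
        times.append(now_ms)
        return True


def replay(events, limit=3, window=600):
    """Feed (time_ms, login) events through the limiter and return the decisions."""
    limiter = LoginThroughput(limit, window)
    return [limiter.allow(login, t) for t, login in events]


def max_checks_per_hour(limit=3, window=600):
    """Upper bound on admitted password checks for one login in one hour."""
    return limit * (3_600_000 // window)


# Constructed sample events (time in ms, login); not taken from a real log.
SAMPLE = [
    (0, "alice"), (50, "alice"), (100, "alice"),
    (150, "alice"),  # fourth check inside 600 ms: throttled
    (200, "bob"),    # different login, separate budget: checked
    (599, "alice"),  # the check at t=0 is still inside the window: throttled
    (600, "alice"),  # the check at t=0 has aged out: checked
]

if __name__ == "__main__":
    for (t, login), ok in zip(SAMPLE, replay(SAMPLE)):
        print(f"{t:>4} ms  {login:<6} {'checked' if ok else 'throttled'}")
    print("ceiling per login per hour:", max_checks_per_hour())
```

Under this model the default values cap bursts but still admit up to 18000 checks per login per hour, which is worth keeping in mind when choosing limit and window.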

Password change at login

If Blitz Identity Provider is connected to a writable account storage (one that is not in read-only mode) and the password policy requires a user from that storage to change their password, the user is shown a password change screen at login, asking for the old and new passwords. Sometimes showing this screen at login is undesirable. To disable it, set the following block in the blitz.conf configuration file under blitz.prod.local.idp.login.methods.password:

"changePasswordMode": {
  "type": "except_for",
  "idStores":["ldap1","ldap2"]
}

The idStores setting should list the identifiers of those account storages for which the user should not be prompted to change their password at login.

System names of login and password fields

By default, Blitz Identity Provider gives the login and password fields on the login page the identifiers login and password. When you migrate to Blitz Identity Provider from an existing login system that used different field names, you may be required to keep the previous field names. This can be useful because some browsers that have saved user logins and passwords for autofill can continue to fill in the saved values after the login system switches to Blitz Identity Provider, as long as the domain of the login page and the names of its fields are preserved.

To set the required login and password field names, add the following settings to the blitz.prod.local.idp.password settings block:

  • loginInputName - ID of the login input field on the login page;

  • passwordInputName - ID of the password input field on the login page.

Example of configuration:

"password" : {
    …
    "loginInputName" : "j_username",
    "passwordInputName" : "j_password",
    …
}