Support Questions

Find answers, ask questions, and share your expertise

Block user after multiple unsuccessful login attempts to Zeeplin UI.

Contributor

Hi,

Is there any configuration in Zeeplin which disables a user login after multiple unsuccessful login attempts?

If yes, could you please provide me the same

Thanks for your time and effort

3 REPLIES 3

Expert Contributor

There is no configuration in Zeppelin to disable user login on excessive attempts.

However, Zeppelin uses Apache Shiro for authentication which has un-handled exception catch for ExcessiveAttemptsException. You will need to implement and deploy on your own.

https://shiro.apache.org/authentication.html#Authentication-Step3%3AHandlingSuccessorFailure

http://shiro-user.582556.n2.nabble.com/ExcessiveAttemptsException-How-to-configure-td4534742.html

Guru

Hello @Sriram,

Zeppelin can not (& should not) disable user login upon multiple unsuccessful attempts. It is the duty of underlying authentication service (AD or LDAP) to do so. Organizations usually define this in login policy (like password policy, account lockout policy etc.) at the authentication service. Zeppelin, like any other service, just reacts to these policies.

Hope this helps!

Contributor

@Vipin, @Umair Khan Thanks for your time and kind help.

Take a Tour of the Community
Don't have an account?
Your experience may be limited. Sign in to explore more.