
Configuring security policies

2 tasks

5 min.

Visible to: All users
Intermediate
Pega Platform '24.2
Security
English
Check the version to make sure you are working with the correct content, or complete the latest version.

Scenario

GogoRoad is experiencing a large number of failed login attempts. Management suspects that the attempts are malicious attacks by an internet bot. Management has asked you to implement a new security requirement. After the first failed login attempt, the user cannot make additional attempts without further verification. After each attempt, the user must wait for a progressively longer period before making another attempt. The first failed attempt is delayed by five seconds.

After the first failed login attempt, display a CAPTCHA on the login page to verify that the user is a human and not an automated bot. After two failed attempts, enable a lockout penalty to delay further login attempts in five-second increments.

The following table provides the credentials you need to complete the challenge.

Role                   User name        Password
Application Developer  author@gogoroad  pega123!

Note: Your practice environment may support the completion of multiple challenges. As a result, the configuration shown in the challenge walkthrough may not match your environment exactly.

You must launch your own Pega instance to complete this challenge.

Initialization can take up to 5 minutes; please be patient.

Challenge steps

Detailed practice steps

1 Configure CAPTCHA

In the Pega instance for the challenge, enter the following credentials:

  1. In the User name field, enter author@gogoroad.
  2. In the Password field, enter pega123!.
  3. In the header of Dev Studio, click Configure > Org & Security > Authentication > Security Policies to open the Security Policies landing page.
  4. In the Frequently required policies section, select the Enable frequently required policies (except for PRAuth-based authentication services) check box to enable the frequently required security policies.
    Frequently required policies
    Note: The Enable frequently required policies option is enabled by default in Pega Platform but is disabled to facilitate this particular challenge.
  5. In the CAPTCHA policies section, in the Enable CAPTCHA Reverse Turing test module field, select Enabled to enable the CAPTCHA feature.
  6. In the Enable presentation of CAPTCHA upon initial login list, select Disabled to ensure that the CAPTCHA appears only after the first failed login attempt.
  7. In the Probability that CAPTCHA will be presented upon authentication failure (%) field, enter 100 to ensure that the CAPTCHA is always presented when a login attempt fails.
    CAPTCHA policies challenge enabled

2 Configure the lockout penalty

  1. In the Lockout policies section, in the Enable authentication lockout penalty field, select Enabled to activate the lockout penalty.
  2. In the Failed login attempts before employing authentication lockout penalty field, enter 2 to set the lockout penalty to take effect after two failed attempts.
  3. In the Initial authentication lockout penalty in seconds field, enter 5 to set the first lockout period to five seconds.
    Note: Subsequent lockout periods increase in five-second increments.
    Lockout policies challenge enabled
  4. Click Submit to apply the security policy updates.
    Configure security policies
    Tip: When you import security policies into a Pega Platform™ instance, you may need to clear the Data Page that loads those settings. In Dev Studio, navigate to the Declare_AuthPolicies Data Page and click Load Management > Clear data page to flush the Data Page.

Check your work

  1. Log out of the application. The Pega login screen is displayed.
  2. On the login screen, in the User name field, enter author@gogoroad.
  3. In the Password field, enter an invalid password.
  4. Click Log in to invoke an error message and a CAPTCHA field.
    Login with Captcha
  5. Make a second attempt by using invalid credentials.
  6. Enter the CAPTCHA value, and then click Log in.
  7. Make a third invalid login attempt to ensure the Log in button is unavailable for five seconds.
    Note: After your third login attempt, the system might display an Error Authentication failed message. Refresh your browser window to return to the login page.
    Test without login button
  8. Make a fourth invalid login attempt to ensure the Log in button is unavailable for ten seconds.
  9. Log in to the application with the correct credentials to ensure that you can access the application.
Note: After successfully logging in, you receive a prompt to change your password.
Tip: During application development, to prevent user lockouts, you may need to disable security policies until your application is in production. Return to the Security Policies landing page to disable the settings.
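To make the behaviour you just configured and verified concrete, here is a small added model of the two policies (CAPTCHA after a failed attempt, progressive lockout penalty). It is constructed for this walkthrough and is not Pega Platform code; the `SecurityPolicy`, `LoginGate` and `simulate_challenge` names are hypothetical. It assumes the counting used in the verification steps: the penalty starts once the failure count reaches the configured threshold (2), the first penalty is the initial value (5 s), and each further failure adds another 5 s, so the third attempt waits 5 s and the fourth waits 10 s. The clock is injected so the sequence can be replayed without real delays.

```python
"""Constructed model of the CAPTCHA and lockout-penalty policies from this
challenge. Not Pega code; values mirror the settings entered on the Security
Policies landing page."""

from dataclasses import dataclass, field
from typing import Callable, Dict, Tuple


@dataclass
class SecurityPolicy:
    """Hypothetical policy object holding the values set in the challenge."""
    captcha_enabled: bool = True                 # Enable CAPTCHA Reverse Turing test module
    captcha_on_initial_login: bool = False       # Enable presentation of CAPTCHA upon initial login
    captcha_probability_pct: int = 100           # Probability CAPTCHA is presented on failure (%)
    lockout_enabled: bool = True                 # Enable authentication lockout penalty
    failures_before_lockout: int = 2             # Failed attempts before employing the penalty
    initial_lockout_seconds: int = 5             # Initial authentication lockout penalty


@dataclass
class LoginState:
    failures: int = 0
    locked_until: float = 0.0


class LoginGate:
    """Per-user enforcement of the policy. `now` returns the time in seconds."""

    def __init__(self, policy: SecurityPolicy, now: Callable[[], float]):
        self.policy = policy
        self.now = now
        self.states: Dict[str, LoginState] = {}

    def _state(self, user: str) -> LoginState:
        return self.states.setdefault(user, LoginState())

    def captcha_required(self, user: str) -> bool:
        p = self.policy
        if not p.captcha_enabled:
            return False
        if self._state(user).failures == 0:
            return p.captcha_on_initial_login
        # At 100% the CAPTCHA is always shown after a failure; a lower value
        # would randomise it, which the challenge deliberately avoids.
        return p.captcha_probability_pct >= 100

    def lockout_seconds(self, user: str) -> int:
        """Penalty that applies given the user's current failure count."""
        p = self.policy
        failures = self._state(user).failures
        if not p.lockout_enabled or failures < p.failures_before_lockout:
            return 0
        # Grows in initial_lockout_seconds increments with each extra failure.
        return (failures - p.failures_before_lockout + 1) * p.initial_lockout_seconds

    def attempt(self, user: str, password_ok: bool, captcha_ok: bool = True) -> Tuple[str, int]:
        """Returns (outcome, seconds): 'locked' with remaining wait, 'captcha_required',
        'failed' with the penalty now imposed, or 'ok'."""
        st = self._state(user)
        t = self.now()
        if t < st.locked_until:
            return ("locked", round(st.locked_until - t))
        if self.captcha_required(user) and not captcha_ok:
            return ("captcha_required", 0)
        if password_ok:
            st.failures, st.locked_until = 0, 0.0
            return ("ok", 0)
        st.failures += 1
        penalty = self.lockout_seconds(user)
        if penalty:
            st.locked_until = t + penalty
        return ("failed", penalty)


def simulate_challenge():
    """Replays the verification steps with a fake clock; returns the outcomes."""
    clock = [0.0]
    gate = LoginGate(SecurityPolicy(), lambda: clock[0])
    user = "author@gogoroad"
    log = []
    log.append(gate.attempt(user, False))                    # 1st failure: no penalty yet
    log.append(gate.captcha_required(user))                  # CAPTCHA now shown
    log.append(gate.attempt(user, False, captcha_ok=True))   # 2nd failure: 5 s penalty
    log.append(gate.attempt(user, False))                    # too early: still locked
    clock[0] += 5
    log.append(gate.attempt(user, False))                    # 3rd failure: 10 s penalty
    clock[0] += 10
    log.append(gate.attempt(user, True))                     # correct password: reset
    return log


if __name__ == "__main__":
    for entry in simulate_challenge():
        print(entry)
```

The useful property to check in a real deployment is the one `lockout_seconds` encodes: the wait grows with every further failure rather than resetting, so an automated guesser is throttled harder the longer it persists, while a legitimate user who succeeds has the counter cleared.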
