Welcome to the WSO2 Identity Server source code! For info on working with the WSO2 Identity Server repository and contributing code, click the link below.
Tried to implement MFA based on login attempts based on this documentation but was not able to successfully add that functionality. Even after exceeding the threshold of incorrect logins (i.e. 3 incorrect logins) The next successful login would by pass the additional Authenticator app step and successfully log the user in.
After a few discussions with @Thumimku figured out that it works after you activate the account locking from login attempts.
This should be stated in the documentation to get correct functionality
IS Version - WSO2 IS 7.0.0 RC2
Improvement
State that account locking should be enabled for the MFA based on login attempts to work correctly
Additional context
There is another issue with this approach as it binds the account locking and MFA based on login attempts functionalities. A user that may require just one of these will not be able to implement it.
Tried to implement MFA based on login attempts based on this documentation but was not able to successfully add that functionality. Even after exceeding the threshold of incorrect logins (i.e. 3 incorrect logins) The next successful login would by pass the additional Authenticator app step and successfully log the user in.
After a few discussions with @Thumimku figured out that it works after you activate the account locking from login attempts. This should be stated in the documentation to get correct functionality
IS Version - WSO2 IS 7.0.0 RC2
Improvement State that account locking should be enabled for the MFA based on login attempts to work correctly
Additional context There is another issue with this approach as it binds the account locking and MFA based on login attempts functionalities. A user that may require just one of these will not be able to implement it.