product-is
product-is copied to clipboard
wso2
RC Based Product Testing Task Effort
Managing account locking by failed login attempts:
-
Enable Account Locking Configuration:
-
Description: Test the functionality of enabling account locking configuration for failed login attempts.
-
Mimic Account Locking:
-
Description: Test the functionality of account locking by simulating consecutive failed login attempts.
Via UI
Access Login Attempts Settings:
Description: Test the functionality of accessing the login attempts settings in the WSO2 Identity Server Console. Test Steps:
- [ ] Log in to the WSO2 Identity Server Console.
- [ ] Navigate to Login & Registration > Login Security > Login Attempts.
- [ ] Verify that the login attempts settings page is accessible.
- [ ] Adjust Login Attempts Settings:
Description: Test the functionality of adjusting the login attempts settings according to security requirements. Test Steps: Access the login attempts settings page in the WSO2 Identity Server Console. Verify that settings such as maximum login attempts, lockout duration, and other relevant parameters are adjustable. Adjust the settings to simulate different scenarios for managing login attempts. Save the changes. Verify that the changes are successfully applied. Verify Default Settings:
Description: Test the functionality of verifying the default login attempts settings. Test Steps: Access the login attempts settings page in the WSO2 Identity Server Console. Verify the default settings for parameters such as maximum login attempts and lockout duration. Ensure that the default settings comply with security best practices. Update and Save Changes:
Description: Test the functionality of updating and saving changes made to the login attempts settings. Test Steps: Adjust the login attempts settings as per test requirements. Click on the "Update" button to save the changes. Verify that changes are successfully saved and reflected in the system. Verify Policy Enforcement:
Description: Test the functionality of verifying the enforcement of the login attempts policy. Test Steps: Set the maximum login attempts to a low value (e.g., 3 attempts). Attempt to log in with invalid credentials for more than the specified maximum attempts. Verify that after exceeding the maximum attempts, the user is locked out for the configured lockout duration. Attempt to log in again after the lockout duration has elapsed. Verify that the user can log in successfully.