We have entered the wrong password 25 times, but SonarQube is still able to log in the user. Is there any configuration to block a user if the user enters the wrong password multiple times?
Hey there.
SonarQube doesn’t put a limit of max login attempts to local accounts. For that reason, we suggest using delegated authentication, where the identity provider (LDAP, SAML) is in control of how many login attempts are allowed.
That said, I’ll flag this post for a PM to have a look, because I know we are currently looking at implementing password complexity for local accounts.