This chapter will guide you through the steps required to configure the captcha module in Onegini IdP. A “CAPTCHA” is a test to tell humans and bots apart. It is easy for humans to solve but hard for “bots” and other malicious software to figure out. Captcha prevents accounts from getting blocked by an automated script. The captcha needs to be solved during the last password try for an account. Onegini IdP supports two types of captcha.
reCAPTCHA is a free service from Google that helps protect websites from spam and abuse. To successfully complete this topic, make sure you have access to a Google account. Next, visit reCAPTCHA Admin and register a new site by filling in the form.
Choose your site. Open the site settings and move the security preference slider to easiest for users. Keep in mind that with this setting reCAPTCHA won't be able to use all of its security features.
To test the reCAPTCHA module, try to log in to Onegini IdP with invalid credentials at least five times. You should then see the reCAPTCHA module under the password field. From that point on, you should only be able to log in once the reCAPTCHA is confirmed.
For test purposes you may use reCAPTCHA keys generated by Google. With the following test keys, you will always get No CAPTCHA and all verification requests will pass.
- site key:
- secret key:
The reCAPTCHA widget will show a warning message stating that it is for testing purposes only. Do NOT use these keys in a production environment.
Friendly Captcha was introduced as a GDPR-compliant alternative to reCAPTCHA. Thus you will need to purchase the Advanced or Enterprise plan. Once you get the account, follow this guide to generate a sitekey. After this, you will have to generate a secret key. To do that, log in to Friendly Captcha, select your organization, navigate to API Keys, and create an API key.
Configure captcha in Onegini IdP
Once you have the keys, log in to the Onegini IdP admin console. Select the Smart security menu option and navigate to the Captcha configuration tab. Fill in the form as follows:
- Captcha integration: choose integration type
- Secret key: paste generated secret key
- Site key: paste generated site key
- Enabled: mark reCAPTCHA functionality as enabled
Save your settings. If the default CSP settings were modified, you might need to add these domains to ensure the captcha is working.
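A pre-deployment check for the CSP caveat above, as an added example that is not part of the Onegini documentation: it parses a Content-Security-Policy header and reports which reCAPTCHA resources that policy would block. The resource URLs are assumptions based on Google's reCAPTCHA CSP guidance, not domains listed on this page, and the function names are hypothetical.

```python
from urllib.parse import urlsplit

# Assumption: representative reCAPTCHA resource URLs based on Google's published
# CSP guidance; they are not taken from this page. Friendly Captcha is not covered.
REQUIRED = {
    "script-src": ["https://www.google.com/recaptcha/api.js",
                   "https://www.gstatic.com/recaptcha/releases/EXAMPLE/recaptcha__en.js"],
    "frame-src": ["https://www.google.com/recaptcha/api2/anchor"],
}
# Directive lookup order, most specific first.
FALLBACK = {"script-src": ["script-src-elem", "script-src", "default-src"],
            "frame-src": ["frame-src", "child-src", "default-src"]}

def parse_csp(header):
    """Return {directive: [sources]}; a repeated directive is ignored, as in browsers."""
    policy = {}
    for part in header.split(";"):
        tokens = part.split()
        if tokens:
            policy.setdefault(tokens[0].lower(), tokens[1:])
    return policy

def source_allows(source, url):
    """Match one scheme-source or host-source expression; ports are not compared."""
    if source.startswith("'"):  # 'self', 'none', nonces, hashes: no third-party host
        return False
    target = urlsplit(url)
    if source == "*":
        return target.scheme in ("http", "https")
    if source.endswith(":") and "/" not in source:  # scheme-source such as https:
        return target.scheme == source[:-1].lower()
    expr = urlsplit(source if "://" in source else "//" + source)
    if expr.scheme and expr.scheme != target.scheme:
        return False
    host = expr.hostname or ""
    host_ok = target.hostname.endswith(host[1:]) if host.startswith("*.") else target.hostname == host
    path_ok = expr.path in ("", "/") or (target.path.startswith(expr.path)
                                         if expr.path.endswith("/") else target.path == expr.path)
    return host_ok and path_ok

def blocked_captcha_resources(header):
    """List (directive, url) pairs that the given CSP header would block."""
    policy, blocked = parse_csp(header), []
    for directive, urls in REQUIRED.items():
        sources = next((policy[d] for d in FALLBACK[directive] if d in policy), ["*"])
        blocked += [(directive, u) for u in urls
                    if not any(source_allows(s, u) for s in sources)]
    return blocked
```

Run it against the header your deployment actually returns on the login page; a policy that relies on nonces with 'strict-dynamic' is outside what this check models.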