Captcha on webapp login page

Note: Bringing this back from Google Group for active conversation.

Hi Team,

To avoid brute force attacks, it is possible to configure a Captcha in webapp (tasklist/cockpit) login page. Captcha should ideally show up after x number of failed attempts (configurable). If this is not something possible with current setup, could you advise on the best way of implementing it. May be we can create a small plugin that others might use it?

Thanks for your time.

If it is only to prevent brute-force attacks, you could do something on the server side only.
You could limit the amount of login attempts for a given time range, like: after 3 failed attempts, login for the user is blocked for 3 minutes (or more). No need for captcha. IMVHO

Thanks Vale. Any idea which component to look at to achieve this please.

Hi Bharat, unfortunately, I have absolutely no idea how to do that but I guess that @Philipp_Ossler or @thorben may give a hint.

Any thoughts @Philipp_Ossler and @thorben ?

Hi @Bharat,

This should be possible, but I am afraid we cannot help you with designing how such a solution could look like. That would take the free support we provide here too far and consume time that we prefer to spend on developing Camunda BPM. I personally also don’t know an existing library (e.g. in form of a servlet filter) for this use case.

If you have something specific in mind that you want to build and you look for certain points where you can extend the login procedure, then we are happy to give you the appropriate pointers to the code.


Thanks for your reply @thorben

Just looking for some hints so I can build it more like a component so others can reuse it. Other than that, I have no intention of wasting your precious time. Sorry for the confusion.