This chapter will guide you through the steps required to configure reCAPTCHA module in Onegini IdP. reCAPTCHA is a free service from Google that helps protect websites from spam and abuse. A “CAPTCHA” is a test to tell human and bots apart. It is easy for humans to solve, but hard for “bots” and other malicious software to figure out. By adding reCAPTCHA to a site, you can block automated software while helping your welcome users to enter with ease.
What you will need
To successfully complete this topic guide you need to ensure following prerequisites:
- have access to an Google account which will be used for generating the reCAPTCHA keys
Generate reCAPTCHA in Google
Visit https://www.google.com/recaptcha and click blue
Get reCAPTCHA button on the top right corner. Navigate to
Register a new site section
and fill in the form following google instructions.
Configure reCAPTCHA in Onegini IdP
After successful keys generation on google visit the http://idp-core.dev.onegini.me:8082/admin page and login to Onegini IdP admin console.
Smart security menu option and navigate to
ReCaptcha configuration tab. Fill in the form as follows:
Secret key- paste generated secret key
Site key- paste generated site key
Enabled- mark reCaptcha functionality as enabled
Save your settings.
button on the top right corner. Navigate to
Your reCAPTCHA sites and choose your site. Move the security preference slider to
easiest for users.
Keep in mind that with this setting reCAPTCHA won't be able to use all of its security features.
To test reCaptcha module please try login to Onegini IdP given invalid credentials at least five times. Then you will should see reCAPTCHA module under password field. Now you should only be able to login once reCAPTCHA is confirmed.
For test purposes you may use reCAPTCHE keys generated by Google. With the following test keys, you will always get No CAPTCHA and all verification requests will pass.
- site key: 6LeIxAcTAAAAAJcZVRqyHh71UMIEGNQ_MXjiZKhI
- secret key: 6LeIxAcTAAAAAGG-vFI1TnRWxMZNFuojJ4WifJWe
The reCAPTCHA widget will show a warning message to claim that it's only for testing purpose. Please do NOT use these keys in production environment.