Overview
A Migration allows Brute Force Unblock screens to be customized with the Universal Login. When a Page Template is used to customize the Universal Login page, reusing a Brute Force Unblock link can lead to an error page that lacks some of the branding customizations made with the Page Template. This article covers how this can happen.
Applies To
- Brute Force Unblock Links
- Page Templates
Cause
When a user is blocked, information about the context of the block is retained (e.g., tenant, org, client_id). The unique unblock link is tied to this stored data; once the link is used and the user is unblocked, that data is deleted. If the user clicks the link again, that data is no longer available, so certain variables that the Page Template may rely on for branding, including application, tenant, organization, and user variables, will be undefined.
Solution
This can be handled more generally within a Page Template script by checking for the prompt name “brute-force-protection” and the screen name “brute-force-protection-unblock-failure”; if the branding variables are undefined, show more general branding instead.
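
One way to write that check in a Liquid Page Template, as an added example rather than code from the original article. The generic name and logo URL are constructed placeholders, and the specific branding fields used (organization.display_name, application.name, tenant.friendly_name and the logo_url fields) are assumptions about which variables a given template relies on.

```liquid
<!DOCTYPE html>
<html lang="{{ locale }}">
  <head>
    {%- auth0:head -%}

    {%- comment -%} Constructed placeholders: replace with your own generic branding. {%- endcomment -%}
    {%- assign generic_name = "Account Services" -%}
    {%- assign generic_logo = "https://cdn.example.com/generic-logo.png" -%}

    {%- comment -%} True only on the screen rendered when an unblock link is reused. {%- endcomment -%}
    {%- assign reused_unblock_link = false -%}
    {%- if prompt.name == "brute-force-protection" and prompt.screen.name == "brute-force-protection-unblock-failure" -%}
      {%- assign reused_unblock_link = true -%}
    {%- endif -%}

    {%- comment -%} Normal path: most specific branding first, falling through undefined values. {%- endcomment -%}
    {%- assign brand_name = organization.display_name | default: application.name | default: tenant.friendly_name -%}
    {%- assign brand_logo = organization.branding.logo_url | default: application.logo_url -%}

    {%- comment -%}
      Reused link: the stored block context has been deleted, so the variables
      above may all be undefined. Substitute the generic branding in that case.
    {%- endcomment -%}
    {%- if reused_unblock_link -%}
      {%- assign brand_name = brand_name | default: generic_name -%}
      {%- assign brand_logo = brand_logo | default: generic_logo -%}
    {%- endif -%}

    <title>{{ brand_name | escape }}</title>
  </head>
  <body class="_widget-auto-layout">
    {%- comment -%} Escape every value placed into markup; skip the logo if none resolved. {%- endcomment -%}
    {%- if brand_logo -%}
    <header>
      <img src="{{ brand_logo | escape }}" alt="{{ brand_name | escape }}">
    </header>
    {%- endif -%}
    {%- auth0:widget -%}
  </body>
</html>
```

Because the fallback is scoped to the unblock-failure screen, missing branding on any other screen still shows up as a visible gap rather than being masked by the generic values.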