Simple MFA Rate Limiting

[Agus Santosa]

Hi, 

I have been trying to implement the rate limiting feature of Simple MFA. (with version 7.2.x)

I set the blocking to true:

cas.authn.mfa.simple.bucket4j.blocking=true

Tested with 1 client, it behaves as expected, it is blocked until token is available.

The outcome of testing with 2 clients is interesting. I used different browser with different principals. When it is blocking for one user, surprisingly it is also blocking the other user.

I am not sure if this is the expected behavior or is there something else I missed in the config.

Thanks