When accessing CAS, you are permitted a limited number of login attempts before your browser's IP address will be locked out ("banned").

This applies to every version of CAS, and includes the GB Cloud.

If you use LastPass or another online password storage utility, it may attempt to log you in automatically with an old 2FA. This will fail, and you'll exceed the threshold resulting in your IP being banned - without any effort on your part!

Failing to correctly enter all 3 credentials 5 times will result in a ban:

The resolution depends upon the server you are trying to access.

If you use the GB Cloud, please create a support ticket and request that the ban be lifted.

  • Please include your Organization Name and User Name.

  • A reset link will be sent to your email, which will lift the ban and enable a new password entry.

note

Password requirements:

  • AT LEAST 12 CHARACTERS LONG

  • CONTAIN AT LEAST ONE DIGIT

  • CONTAIN AT LEAST ONE SPECIAL CHARACTER

  • CONTAIN AT LEAST ONE UPPER CASE CHARACTER

Password requirements:

  • AT LEAST 12 CHARACTERS LONG

  • CONTAIN AT LEAST ONE DIGIT

  • CONTAIN AT LEAST ONE SPECIAL CHARACTER

  • CONTAIN AT LEAST ONE UPPER CASE CHARACTER

If you run your own CAS server:

First, determine your browser's IP address by visiting:

https://whatismyip.com

Login to the CAS CLI, and type:

sudo /batm/batm-manage unban-ip 123.456.789.1

CAS should report success, and you may login to the GUI again.

Make sure to immediately re-enable 2FA and implement a strong password!

Reference: batm-manage: the CAS CLI Toolkit

Troubleshooting:

If 2FA repeatedly fails, the global clock used by Google Authenticator may be unsynchronized.

  • Try synchronizing Google Authenticator's clock.