PingFederate Server

Configuring password spraying prevention

Configure how password spraying prevention functions within your PingFederate environment to customize your login security experience.

Steps

  1. Edit the com.pingidentity.common.security.AccountLockingService.xml file, located in the <pf_install>/pingfederate/server/default/data/config-store directory.

    For more information, see the inline comments and the following table.

    Property Description

    DoPasswordLocking

    Enable (true) or disable (false) password spraying prevention.

    The default value is false.

    MaxPasswordAttempts

    The maximum number of failed attempts before a password is locked out for a time period.

    Applicable only if password spraying prevention is enabled.

    The default value is 5.

    PasswordLockoutPeriod

    The amount of time in minutes that a password is locked out when the MaxPasswordAttempts threshold is reached.

    Applicable only if password spraying prevention is enabled.

    The default value is 5 minutes.

    If you have a PingFederate clustered environment, edit this file on the console node.

  2. Save the change.

  3. Restart PingFederate.

  4. If you have a PingFederate clustered environment, click Replicate Configuration on System → Server → Cluster Management.