Configuring account lockout protection
Use PingFederate’s functionality to customize your account lockout protection settings.
Steps
-
Edit the
com.pingidentity.common.security.AccountLockingService.xml
file, located in the<pf_install>/pingfederate/server/default/data/config-store
directory.For more information, see the inline comments and the following table.
Property Description MaxConsecutiveFailures
The maximum number of failed attempts before a user is locked out for a time period.
The default value is
3
.The per-instance setting in the HTML Form Adapter and the Username Token Processor overrides this property.
LockoutPeriod
The amount of time in minutes that a user is locked out when the
MaxConsecutiveFailures
threshold is reached.The default value is
1
minute.If you have a PingFederate clustered environment, edit this file on the console node.
-
Save the change.
-
Restart PingFederate.
-
If you have a PingFederate clustered environment, click Replicate Configuration in System → Server → Cluster Management.