Configuring password spraying prevention
Configure how password spraying prevention functions within your PingFederate environment to customize your login security experience.
Steps
- Edit the com.pingidentity.common.security.AccountLockingService.xml file, located in the <pf_install>/pingfederate/server/default/data/config-store directory.

  For more information, see the inline comments and the following table.

  | Property | Description |
  | --- | --- |
  | DoPasswordLocking | Enable (true) or disable (false) password spraying prevention. The default value is false. |
  | MaxPasswordAttempts | The maximum number of failed attempts before a password is locked out for a time period. Applicable only if password spraying prevention is enabled. The default value is 5. |
  | PasswordLockoutPeriod | The amount of time in minutes that a password is locked out when the MaxPasswordAttempts threshold is reached. Applicable only if password spraying prevention is enabled. The default value is 5 minutes. |

  If you have a PingFederate clustered environment, edit this file on the console node.
- Save the change.
- Restart PingFederate.
- If you have a PingFederate clustered environment, click Replicate Configuration on System → Server → Cluster Management.
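To confirm after the restart that the file carries the intended values, the following added example (not Ping Identity's code) reads the three properties from the table and reports findings such as prevention still being disabled. It assumes each property is stored as an element with a name attribute and the value as its text, that an absent property behaves like its documented default, and that the two numeric values should be positive integers; the sample XML is constructed.

```python
import xml.etree.ElementTree as ET

# Defaults as documented in the table above.
DEFAULTS = {"DoPasswordLocking": "false",
            "MaxPasswordAttempts": "5",
            "PasswordLockoutPeriod": "5"}

# Constructed sample, not a copy of the shipped file. Assumed layout:
# each property is an element with a name attribute and the value as text.
SAMPLE = """<config>
  <item name="DoPasswordLocking">false</item>
  <item name="MaxPasswordAttempts">5</item>
  <item name="PasswordLockoutPeriod">5</item>
</config>"""

def read_items(xml_text):
    """Map name -> value for every element that has a name attribute,
    whatever its tag or namespace prefix."""
    root = ET.fromstring(xml_text)
    return {el.get("name"): (el.text or "").strip()
            for el in root.iter() if el.get("name")}

def audit(xml_text):
    """Return (effective settings, findings) for the documented properties."""
    items = read_items(xml_text)
    effective, findings = {}, []
    for name, default in DEFAULTS.items():
        if name not in items:
            # Assumption: an absent property behaves like its documented default.
            findings.append(f"{name} not set; assuming documented default {default}")
        effective[name] = items.get(name, default)
    enabled = effective["DoPasswordLocking"].lower()
    if enabled not in ("true", "false"):
        findings.append(f"DoPasswordLocking={enabled!r} is not true or false")
    elif enabled == "false":
        findings.append("DoPasswordLocking is false: password spraying prevention is disabled")
    for name in ("MaxPasswordAttempts", "PasswordLockoutPeriod"):
        value = effective[name]
        # Assumption: a usable threshold or lockout period is a positive integer.
        if not value.isdecimal() or int(value) < 1:
            findings.append(f"{name}={value!r} is not a positive integer")
    return effective, findings

if __name__ == "__main__":
    settings, problems = audit(SAMPLE)
    print(settings)
    for problem in problems:
        print("FINDING:", problem)
```

In a clustered environment, running the same check against the file on each node after Replicate Configuration shows whether every node ended up with the same values.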