Configuring password spraying prevention

Configure how password spraying prevention functions within your PingFederate environment to customize your login security experience.

Steps

Edit the com.pingidentity.common.security.AccountLockingService.xml file, located in the <pf_install>/pingfederate/server/default/data/config-store directory.

For more information, see the inline comments and the following table.

Property Description

Property	Description
DoPasswordLocking	Enable (`true`) or disable (`false`) password spraying prevention. The default value is `false`.
MaxPasswordAttempts	The maximum number of failed attempts before a password is locked out for a time period. Applicable only if password spraying prevention is enabled. The default value is `5`.
PasswordLockoutPeriod	The amount of time in minutes that a password is locked out when the `MaxPasswordAttempts` threshold is reached. Applicable only if password spraying prevention is enabled. The default value is `5` minutes.

DoPasswordLocking

Enable (true) or disable (false) password spraying prevention.

The default value is false.

MaxPasswordAttempts

The maximum number of failed attempts before a password is locked out for a time period.

Applicable only if password spraying prevention is enabled.

The default value is 5.

PasswordLockoutPeriod

The amount of time in minutes that a password is locked out when the MaxPasswordAttempts threshold is reached.

Applicable only if password spraying prevention is enabled.

The default value is 5 minutes.

If you have a PingFederate clustered environment, edit this file on the console node.

Save the change.
Restart PingFederate.
If you have a PingFederate clustered environment, click Replicate Configuration on System → Server → Cluster Management.

PingFederate Server

Configuring password spraying prevention

Steps