1. Edit the com.pingidentity.common.security.AccountLockingService.xml file, located in the <pf_install>/pingfederate/server/default/data/config-store directory.
    For more information, refer to the inline comments and the following table.
    Property Description
    DoPasswordLocking Enable (true) or disable (false) password spraying prevention.

    The default value is false.

    MaxPasswordAttempts The maximum number of failed attempts before a password is locked out for a time period.

    Applicable only if password spraying prevention is enabled.

    The default value is 5.

    PasswordLockoutPeriod The amount of time (in minutes) that a password is locked out when the MaxPasswordAttempts threshold is reached.

    Applicable only if password spraying prevention is enabled.

    The default value is 5 (minutes).

    If you have a PingFederate clustered environment, edit this file on the console node.

  2. Save the change.
  3. Restart PingFederate.
  4. If you have a PingFederate clustered environment, click Replicate Configuration on the System > Cluster Management screen.