Configuring password spraying prevention - PingFederate - 10.3

PingFederate Server

bundle
pingfederate-103
ft:publication_title
PingFederate Server
Product_Version_ce
PingFederate 10.3
category
Product
pf-103
pingfederate
ContentType_ce

Configure how password spraying prevention functions within your PingFederate environment to customize your login security experience.

  1. Edit the com.pingidentity.common.security.AccountLockingService.xml file, located in the <pf_install>/pingfederate/server/default/data/config-store directory.
    For more information, see the inline comments and the following table.
    Property Description
    DoPasswordLocking Enable (true) or disable (false) password spraying prevention.

    The default value is false.

    MaxPasswordAttempts The maximum number of failed attempts before a password is locked out for a time period.

    Applicable only if password spraying prevention is enabled.

    The default value is 5.

    PasswordLockoutPeriod The amount of time in minutes that a password is locked out when the MaxPasswordAttempts threshold is reached.

    Applicable only if password spraying prevention is enabled.

    The default value is 5 minutes.

    If you have a PingFederate clustered environment, edit this file on the console node.

  2. Save the change.
  3. Restart PingFederate.
  4. If you have a PingFederate clustered environment, click Replicate Configuration on System > Server > Cluster Management.