Configure how password spraying prevention functions within your PingFederate environment to customize your login security experience.
-
Edit the
com.pingidentity.common.security.AccountLockingService.xml
file, located in the
<pf_install>/pingfederate/server/default/data/config-store
directory.
For more information, see the inline comments and the following table.
Property Description DoPasswordLocking Enable ( true
) or disable (false
) password spraying prevention.The default value is
false
.MaxPasswordAttempts The maximum number of failed attempts before a password is locked out for a time period. Applicable only if password spraying prevention is enabled.
The default value is
5
.PasswordLockoutPeriod The amount of time in minutes that a password is locked out when the MaxPasswordAttempts threshold is reached. Applicable only if password spraying prevention is enabled.
The default value is
5
minutes.If you have a PingFederate clustered environment, edit this file on the console node.
- Save the change.
- Restart PingFederate.
- If you have a PingFederate clustered environment, click Replicate Configuration on System > Server > Cluster Management.