Configuring password spraying prevention - PingFederate - 11.2


Configure how password spraying prevention functions within your PingFederate environment to customize your login security experience.

  1. Edit the com.pingidentity.common.security.AccountLockingService.xml file, located in the <pf_install>/pingfederate/server/default/data/config-store directory.
    For more information, see the inline comments and the following table.
    | Property | Description |
    | --- | --- |
    | DoPasswordLocking | Enable (true) or disable (false) password spraying prevention. The default value is false. |
    | MaxPasswordAttempts | The maximum number of failed attempts before a password is locked out for a time period. Applicable only if password spraying prevention is enabled. The default value is 5. |
    | PasswordLockoutPeriod | The amount of time in minutes that a password is locked out when the MaxPasswordAttempts threshold is reached. Applicable only if password spraying prevention is enabled. The default value is 5 minutes. |

    If you have a PingFederate clustered environment, edit this file on the console node.

  2. Save the change.
  3. Restart PingFederate.
  4. If you have a PingFederate clustered environment, click Replicate Configuration on System > Server > Cluster Management.
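
To confirm the edited file carries the intended values before you restart, the following audit script reads the three properties from the table and applies the documented defaults to any that are missing. It is an added example, not part of the PingFederate documentation or product. The `<c:item name="...">` layout and namespace of the sample, the function names, and the policy thresholds are assumptions; the script matches on the `name` attribute only, so adjust it if your file is structured differently.

```python
import xml.etree.ElementTree as ET

# Defaults stated on this page, applied when a property is absent from the file.
DEFAULTS = {"DoPasswordLocking": "false", "MaxPasswordAttempts": "5",
            "PasswordLockoutPeriod": "5"}

# Constructed sample. The element layout and namespace are assumptions.
SAMPLE = """<c:config xmlns:c="http://www.sourceid.org/2004/05/config">
    <c:item name="DoPasswordLocking">false</c:item>
    <c:item name="MaxPasswordAttempts">50</c:item>
</c:config>"""

def read_settings(xml_text):
    """Return the three properties, falling back to the documented defaults."""
    settings = dict(DEFAULTS)
    for el in ET.fromstring(xml_text).iter():
        name = el.get("name")
        if name in settings and el.text is not None:
            settings[name] = el.text.strip()
    return settings

def audit(xml_text, max_attempts=5, min_lockout_minutes=5):
    """List findings against local policy thresholds (hypothetical values)."""
    s = read_settings(xml_text)
    findings = []
    if s["DoPasswordLocking"].lower() != "true":
        findings.append("DoPasswordLocking is not true: "
                        "password spraying prevention is disabled")
    try:
        attempts = int(s["MaxPasswordAttempts"])
        lockout = int(s["PasswordLockoutPeriod"])
    except ValueError:
        return findings + ["MaxPasswordAttempts and PasswordLockoutPeriod "
                           "must be whole numbers"]
    if attempts < 1 or attempts > max_attempts:
        findings.append(f"MaxPasswordAttempts={attempts} is outside 1..{max_attempts}")
    if lockout < min_lockout_minutes:
        findings.append(f"PasswordLockoutPeriod={lockout} minutes is below "
                        f"{min_lockout_minutes}")
    return findings

if __name__ == "__main__":
    # Replace SAMPLE with the contents of the real file on the console node.
    for finding in audit(SAMPLE) or ["no findings"]:
        print(finding)
```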