PingFederate Server

Configuring account lockout protection

Use PingFederate’s functionality to customize your account lockout protection settings.

Steps

  1. Edit the com.pingidentity.common.security.AccountLockingService.xml file, located in the <pf_install>/pingfederate/server/default/data/config-store directory.

    The following table provides more information about properties in the com.pingidentity.common.security.AccountLockingService.xml file.

    Property Description

    MaxConsecutiveFailures

    The maximum number of failed attempts before a user is locked out for a time period.

    The default value is 3.

    The per-instance setting in the HTML Form Adapter and the Username Token Processor overrides this property.

    LockoutPeriod

    The amount of time in minutes that a user is locked out when the MaxConsecutiveFailures threshold is reached.

    The default value is 1 minute.

    If you have a PingFederate clustered environment, edit this file on the console node.

  2. Save the change.

  3. Restart PingFederate.

  4. If you have a PingFederate clustered environment, click Replicate Configuration in System > Server > Cluster Management.