PingFederate Server

Configuring user account lockout settings

Configure settings to lock user accounts based on too many failed authentication attempts.

Steps

  1. Edit the <pf_install>/pingfederate/server/default/data/config-store/com.pingidentity.common.security.AccountLockingService.xml file.

    If you’re running PingFederate in a clustered environment, edit this file on the console node.

    The following table provides more information about the file properties.

    | Property | Description |
    | --- | --- |
    | MaxConsecutiveFailures | The maximum number of failed attempts before a user is locked out for a time period. The default value is 3. The per-instance setting in the HTML Form Adapter and the Username Token Processor overrides this property. |
    | LockoutPeriod | The amount of time in minutes that a user is locked out when the MaxConsecutiveFailures threshold is reached. The default value is 1 minute. |

  2. Save the change.

  3. Restart PingFederate.

  4. If you’re running PingFederate in a clustered environment, click Replicate Configuration in System > Server > Cluster Management.
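
An added example, not part of the PingFederate documentation: a Python check that reads the two properties and estimates how many password guesses per account per day the lockout still permits. The `<item name="...">` layout of the sample file, the fallback to the defaults listed above when a property is absent, and the `max_daily_guesses` threshold are assumptions; per-instance adapter overrides are not visible in this file.

```python
import xml.etree.ElementTree as ET

# Default values as stated in the property table on this page.
DEFAULTS = {"MaxConsecutiveFailures": 3, "LockoutPeriod": 1}

# Constructed sample. The element layout is an assumption about the file format.
SAMPLE_XML = """<c:config xmlns:c="http://www.sourceid.org/2004/05/config">
  <c:item name="MaxConsecutiveFailures">3</c:item>
  <c:item name="LockoutPeriod">1</c:item>
</c:config>"""


def read_lockout_settings(xml_text):
    """Return both properties as ints; absent ones fall back to DEFAULTS (assumption)."""
    settings = dict(DEFAULTS)
    for elem in ET.fromstring(xml_text).iter():
        name = elem.get("name")
        if name in settings and elem.text and elem.text.strip():
            settings[name] = int(elem.text.strip())
    return settings


def guesses_per_day(settings):
    """Approximate ceiling on guesses against one account in 24 hours."""
    failures = settings["MaxConsecutiveFailures"]
    period = settings["LockoutPeriod"]  # minutes
    if failures <= 0 or period <= 0:
        raise ValueError("estimate needs positive values for both properties")
    # One burst of `failures` guesses per lockout window, rounded up.
    windows = -(-24 * 60 // period)
    return failures * windows


def audit(xml_text, max_daily_guesses=500):
    """Return findings when the settings exceed a hypothetical policy threshold."""
    settings = read_lockout_settings(xml_text)
    rate = guesses_per_day(settings)
    if rate > max_daily_guesses:
        return [f"{settings} allows about {rate} guesses per account per day "
                f"(policy limit {max_daily_guesses})"]
    return []


if __name__ == "__main__":
    for finding in audit(SAMPLE_XML):
        print("WARN:", finding)
```

With the default values the estimate is 4320 guesses per account per day, which is the figure to weigh when choosing a longer LockoutPeriod.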