Configuring the failed login attempts control policy

Oscar Eduardo Cruz Lesmes

Mar 16, 2022, 2:58:12 PM
to CAS Community
Hello, 
I am configuring the failed login attempts control policy to lock the account after three attempts with the following configuration.

CAS.jpg

When performing the test, after 3 attempts, on the 4th the account is blocked for a few minutes, but not for 60 minutes as it appears in the rangeSeconds=3600 parameter.

Also, when I open a web browser different from the one where I did the first test, the system allows me to enter, and it should not allow it since the account should be blocked.

Please let me know if another person has already made this configuration and how to do it.

Thanks for your help.

 

Ray Bon

Mar 16, 2022, 5:34:59 PM
to cas-...@apereo.org
Oscar,

Throttle settings are a ratio (threshold:rangeSeconds), so you have one attempt in 1800s. Probably a little long for human error ;)

If you want to include IP address you will most likely have to use one of the systems listed at the bottom of the page, https://apereo.github.io/cas/6.4.x/authentication/Configuring-Authentication-Throttling.html

Ray
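
A simplified model of the ratio reading of threshold:rangeSeconds described in the reply above, next to the counter-style lockout the original post expected. This is an added example, not CAS code and not part of either message; the class names, the timeline, and the values threshold=2 with rangeSeconds=3600 (chosen so the ratio gives the 1800s quoted in the reply) are assumptions.

```python
"""Added example: ratio-style throttle vs. counter-style lockout (models, not CAS code)."""


class RatioThrottle:
    """Blocks while attempts arrive faster than threshold/range_seconds."""

    def __init__(self, threshold, range_seconds):
        self.min_interval = range_seconds / threshold  # seconds allowed per attempt
        self.last_failure = {}                         # key -> time of last failed login

    def attempt(self, key, now, password_ok):
        last = self.last_failure.get(key)
        if last is not None and now - last < self.min_interval:
            return "blocked"  # model choice: a blocked request is not recorded
        if password_ok:
            return "ok"
        self.last_failure[key] = now
        return "failed"


class CounterLockout:
    """Locks the key for lock_seconds once max_failures bad passwords were seen."""

    def __init__(self, max_failures, lock_seconds):
        self.max_failures, self.lock_seconds = max_failures, lock_seconds
        self.failures = {}      # key -> consecutive failure count
        self.locked_until = {}  # key -> time at which the lock expires

    def attempt(self, key, now, password_ok):
        if now < self.locked_until.get(key, 0):
            return "blocked"
        if password_ok:
            self.failures[key] = 0
            return "ok"
        self.failures[key] = self.failures.get(key, 0) + 1
        if self.failures[key] >= self.max_failures:
            self.locked_until[key] = now + self.lock_seconds
            self.failures[key] = 0
        return "failed"


# Constructed timeline: (seconds since first attempt, was the password correct?)
TIMELINE = [(0, False), (60, False), (120, False), (600, True), (1900, True)]


def replay(policy, key="user1"):
    """Feed the constructed timeline to a policy and return each outcome."""
    return [policy.attempt(key, t, ok) for t, ok in TIMELINE]


if __name__ == "__main__":
    print("ratio  :", replay(RatioThrottle(2, 3600)))
    print("counter:", replay(CounterLockout(3, 3600)))
```

In the ratio model the block clears 1800 seconds after the last recorded failure, while the counter model keeps the key locked for the full 3600 seconds after the third failure.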

