Fabio,

The threshold throttle is a rate. In your example it works out to 1 failed attempt in 100 seconds. Any user will try a second time within that 100 seconds. Set the numbers to a reasonable user action time - how long does it take for a user to type and press enter, maybe 5 seconds. Set threshold at 1 and range at 5.

Ray

On Thu, 2018-01-11 at 15:13 +0100, Fabio Martelli wrote:

> Hi All,
> is there someone that can give me some tips to implement temporary account lockout after 3 consecutive failed login attempts?
>
> It seems that authentication throttling is something really different. If I got it, authentication throttling is used to temporarily inhibit successful authentication attempts after a failed one.
>
> For example, with a configuration like
>
> * failureThreshold: 3
> * failureRangeInSeconds: 300
>
> If a failed authentication attempt occurs, all the following attempts will fail (resulting in 423) for 100 seconds (300/3 -> thresholdRate 0.01).
>
> As anticipated, I would lockout a user after 3 consecutive failed login attempts occurred within 60 seconds. Is it possible?
>
> Thank you in advance for your help.
> BR,
> F.
>
> --
> Fabio Martelli
> https://it.linkedin.com/pub/fabio-martelli/1/974/a44
> http://blog.tirasa.net/author/fabio/index.html
>
> Tirasa - Open Source Excellence
> http://www.tirasa.net/index.html?pk_campaign=email&pk_kwd=fm
>
> Apache Syncope PMC
> http://people.apache.org/~fmartelli/

--
Ray Bon
Programmer analyst
Development Services, University Systems
2507218831 | CLE 019 | [email protected]

--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/1515696550.1878.110.camel%40uvic.ca.
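The two behaviours discussed in this thread, side by side, as an added example that is not part of either message and is not CAS code. It models the throttle as the thread describes it (a minimum gap of range/threshold seconds after a failure) and models the requested lockout separately; the function names, the `lock_s` lock duration, the rule that throttled attempts do not restart the timer, and the timelines are assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass
class Attempt:
    t: float            # seconds on a constructed timeline
    password_ok: bool   # would the credentials pass if they were evaluated?

def rate_throttle(attempts, failure_threshold, failure_range_s):
    """Rate model from the thread: after a failure, any attempt arriving
    sooner than failure_range_s / failure_threshold seconds is rejected (423)."""
    min_gap = failure_range_s / failure_threshold
    last_failure, out = None, []
    for a in attempts:
        if last_failure is not None and a.t - last_failure < min_gap:
            out.append("423")      # assumption: throttled attempts do not restart the timer
        elif a.password_ok:
            out.append("ok")
        else:
            out.append("fail")
            last_failure = a.t
    return out

def consecutive_lockout(attempts, max_failures=3, window_s=60, lock_s=300):
    """Requested behaviour: lock after max_failures consecutive failures
    inside window_s seconds. lock_s is an assumed lock duration."""
    recent, locked_until, out = [], float("-inf"), []
    for a in attempts:
        if a.t < locked_until:
            out.append("423")
        elif a.password_ok:
            out.append("ok")
            recent = []            # a success breaks the run of consecutive failures
        else:
            out.append("fail")
            recent = [t for t in recent if a.t - t < window_s] + [a.t]
            if len(recent) >= max_failures:
                locked_until, recent = a.t + lock_s, []
    return out

# Constructed timelines: a user who mistypes twice, then gets it right,
# and a run of three quick failures followed by correct credentials.
TYPO_USER = [Attempt(0, False), Attempt(8, False), Attempt(20, True)]
GUESSING = [Attempt(0, False), Attempt(8, False), Attempt(20, False),
            Attempt(30, True), Attempt(400, True)]

if __name__ == "__main__":
    print("3/300 :", rate_throttle(TYPO_USER, 3, 300))
    print("1/5   :", rate_throttle(TYPO_USER, 1, 5))
    print("3 in 60s lockout:", consecutive_lockout(GUESSING))
```

With 3/300 the mistyping user is rejected on the second try even though the password at t=20 is correct; with 1/5 the same user gets in, and only the lockout model counts consecutive failures.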
