Skip to main content

This content is closed to future replies and is no longer being maintained or updated.
Links may no longer function. If you have a similar request, please write a new post.

Question

 Brett Allen (BrettAllen)
PEGA
Principal Technical Architect
Pegasystems Inc.
US
BrettAllen Member since 2015 8 posts
PEGA
Posted: May 16, 2018
Last activity: Jun 21, 2018
Posted: 16 May 2018 12:15 EDT
Last activity: 21 Jun 2018 10:01 EDT
Closed
Solved

PRSecurityException with lockout penalty enabled

The security policy landing page allows us to configure a lockout penalty after a certain number of failed attempts. One option is to lock the account, the other is to impose an increasing delay after each failed login attempt.

After 3 failed login attempts, Pega throws a PRSecurityException and displays the Status Fail message. This prevents the lockout penalty mechanism from working. Is this still supposed to happen when the authentication lockout penalty mechanism is enabled?

To see attachments, please log in.
Security

Accepted Solution

Posted: 6 years ago
Posted: 21 Jun 2018 10:01 EDT
Brett Allen (BrettAllen)
PEGA
Principal Technical Architect
Pegasystems Inc.
US

After discussion with Brad Tainter we determined that the DSS Pega-Engine, authentication/maxLoginAttemptsCount needs to be increased beyond 3.

Thanks

To see attachments, please log in.

Accepted Solution

Posted: 6 years ago
Posted: 21 Jun 2018 10:01 EDT
Brett Allen (BrettAllen)
PEGA
Principal Technical Architect
Pegasystems Inc.
US

After discussion with Brad Tainter we determined that the DSS Pega-Engine, authentication/maxLoginAttemptsCount needs to be increased beyond 3.

Thanks

To see attachments, please log in.

We'd prefer it if you saw us at our best.

Pega Collaboration Center has detected you are using a browser which may prevent you from experiencing the site as intended. To improve your experience, please update your browser.

Close Deprecation Notice