Hello,
I'm attempting to configure throttling for a 4.2 installation. As the 4.2
documentation
<http://jasig.github.io/cas/4.2.x/installation/Configuring-Authentication-Throttling.html>
appears to be incomplete I've tried to use the 4.1 documentation
<http://jasig.github.io/cas/4.1.x/installation/Configuring-Authentication-Throttling.html>
as a secondary reference.
I've done the following:
- Replace <alias name="neverThrottle" alias="authenticationThrottle" />
with <alias name="inMemoryIpAddressUsernameThrottle"
alias="authenticationThrottle" /> in deployerConfigContext.xml
- Set the following properties in cas.properties (deployed to /etc/cas)
based on the 4.1 docs
- cas.throttle.failure.threshold=5
- cas.throttle.failure.range.seconds=3
- cas.throttle.username.parameter=username
I haven't filled in anything for the following properties; they remain
commented
- cas.throttle.appcode
- cas.throttle.authn.failurecode
- cas.throttle.audit.query
I've tried testing this two ways:
- 4 browser windows with rapid clicking (all 4 attempts in less than 3
seconds)
- 25 login attempts via the REST API (POST against /cas/v1/tickets)
Both continue to succeed. Can anyone point out what I'm missing?
Thank you much,
Mike
--
You received this message because you are subscribed to the Google Groups "CAS
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/.
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/5221375c-0908-43cd-b137-be0be8031817%40apereo.org.
For more options, visit https://groups.google.com/a/apereo.org/d/optout.
