Fabio,

The threshold throttle is a rate. In your example it works out to 1 failed attempt in 100 seconds. Any user will try a second time within that 100 seconds. Set the numbers to a reasonable user action time - how long does it take for a user to type and press enter, maybe 5 seconds. Set threshold at 1 and range at 5.

Ray

On Thu, 2018-01-11 at 15:13 +0100, Fabio Martelli wrote:

Hi All,

is there someone that can give me some tips to implement temporary account lockout after 3 consecutive failed login attempts?

It seems that authentication throttling is something really different. If I got it, authentication throttling is used to temporarily inhibit successful authentication attempts after a failed one. For example, with a configuration like

* failureThreshold: 3
* failureRangeInSeconds: 300

if a failed authentication attempt occurs, all the following attempts will fail (resulting in 423) for 100 seconds (300/3 -> thresholdRate 0.01).

As anticipated, I would lock out a user after 3 consecutive failed login attempts occurred within 60 seconds. Is it possible?

Thank you in advance for your help.

BR,
F.

--
Fabio Martelli
https://it.linkedin.com/pub/fabio-martelli/1/974/a44
http://blog.tirasa.net/author/fabio/index.html
Tirasa - Open Source Excellence
http://www.tirasa.net/index.html?pk_campaign=email&pk_kwd=fm
Apache Syncope PMC
http://people.apache.org/~fmartelli/

--
Ray Bon
Programmer analyst
Development Services, University Systems
2507218831 | CLE 019 | r...@uvic.ca
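
The two behaviours discussed in this thread, side by side, as an added example (not CAS code and not written by either poster): a simplified model of the rate throttle, where an attempt is rejected with 423 if it arrives sooner after the last recorded failure than `failureRangeInSeconds / failureThreshold` seconds, next to the count-in-window lockout the question asks for. All function names, the `lock_seconds` value, and the rule that throttled attempts are not themselves recorded as failures are assumptions of this model; every attempt in the sample is a wrong password.

```python
from collections import deque

def throttle_interval(failure_threshold, failure_range_in_seconds):
    # Rate model from the thread: rate = threshold / range (3 / 300 = 0.01),
    # so a failure blocks further attempts for 1 / rate seconds (100 s).
    return failure_range_in_seconds / failure_threshold

def rate_throttle(failed_at, failure_threshold, failure_range_in_seconds):
    """Status per wrong-password attempt: 401 = evaluated, 423 = throttled."""
    interval = throttle_interval(failure_threshold, failure_range_in_seconds)
    last_failure, statuses = None, []
    for t in failed_at:
        if last_failure is not None and t - last_failure < interval:
            statuses.append(423)   # arrived too soon after the last failure
        else:
            statuses.append(401)
            last_failure = t       # assumption: only evaluated failures are recorded
    return statuses

def count_lockout(failed_at, max_failures=3, window_seconds=60, lock_seconds=300):
    """Lock after max_failures failures inside window_seconds.

    lock_seconds is an assumed lock duration; the thread does not give one.
    """
    recent, locked_until, statuses = deque(), None, []
    for t in failed_at:
        if locked_until is not None and t < locked_until:
            statuses.append(423)
            continue
        while recent and t - recent[0] >= window_seconds:
            recent.popleft()       # drop failures that fell out of the window
        recent.append(t)
        statuses.append(401)
        if len(recent) >= max_failures:
            locked_until = t + lock_seconds
            recent.clear()
    return statuses

# Constructed sample: seconds at which one user submits a wrong password.
ATTEMPTS = [0, 10, 20, 30, 120]

if __name__ == "__main__":
    print("3/300 throttle: ", rate_throttle(ATTEMPTS, 3, 300))
    print("1/5 throttle:   ", rate_throttle(ATTEMPTS, 1, 5))
    print("3-in-60 lockout:", count_lockout(ATTEMPTS))
```

With 3/300 the second attempt is already rejected, while 1/5 only rejects retries faster than a person types; neither setting counts failures the way the lockout function does.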