Hello, In order to help thwart brute-force password cracking, I'd like my cas v3.4.11 login page to throttle failed login attempts.
I followed the directions here: https://wiki.jasig.org/display/CASUM/Throttling+Login+Attempts using the 'In-Memory Approach', but as far as I can tell, no throttling is being done: - nothing is logged to my cas.log file; - my apache front-end does not log any 403 errors; - I can successfully login after 8 consecutive failures in 5 seconds. Any ideas why it's not working? My cas-servlet.xml and throttleInterceptorTrigger.xml files are attached. Thanks, Jon Detert Sr. Systems Administrator Infinity Healthcare Milwaukee, Wisconsin 414-290-6759 -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
cas-servlet.xml
Description: XML document
throttleInterceptorTrigger.xml
Description: XML document
