Hi Marvin,

Thanks for the quick response. That really clears things up. I remembered seeing a link to your issue on the wiki page, though the context made me think it was only relevant to the in-memory approach, not the inspektr approach. Looking at the code you committed I can see how it impacts both methods. If it's alright, I think I'll update the wiki with a small section explaining the new behavior of throttling based on what you've told me.

Thanks,
Evan

On Wed, Oct 31, 2012 at 1:20 PM, Marvin Addison <[email protected]> wrote:

> > As you can see from my configuration, I want to allow up to 10 failed login
> > attempts in one minute. I tried it out, but was blocked after only 3
> > attempts.
>
> I am responsible for this behavior:
>
> https://issues.jasig.org/browse/CAS-1107
>
> I hope I can convince you that it is indeed an improvement. The
> throttles enforce a _rate_ defined in failed attempts per minute. You
> configured 10/minute, which is one authentication every six seconds.
> Thus if you attempted even two successively in less than six seconds,
> the throttle flag would be set, and the third attempt would fail.
> Waiting more than six seconds for a subsequent authentication would
> allow the flag to be cleared and the authentication to proceed.
>
> The discussion on the issue goes into further detail and analysis of
> the behavior; review the unit tests for the gory details.
>
> M
>
> --
> You are currently subscribed to [email protected] as: [email protected]
> To unsubscribe, change settings or access archives, see
> http://www.ja-sig.org/wiki/display/JSG/cas-user

--
Evan Sheffield
*Developer*
iVantage Health Analytics™ | Formerly HMC, Inc.
300 Chestnut Street, Suite 101 | Needham, MA 02492
o: 781.449.5287 | f: 781.449.8058
email: [email protected]
web: www.iVantageHealth.com
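The difference between the rate-based throttle described in the quoted reply and the count-per-window reading of the same 10-per-minute setting, as an added example that is not part of the thread and is not CAS code. Both functions are simplified models; the function names, the sample timestamps, and the assumptions that every attempt is a failed login and that blocked attempts are not recorded as failures are constructed for illustration.

```python
from collections import deque

def rate_throttle(attempt_times, threshold=10, range_seconds=60):
    """Model of the rate reading: 10 per 60 s means at most one failure per 6 s.

    Returns the 1-based positions of the attempts that are blocked.
    """
    min_gap = range_seconds / threshold        # 60 / 10 -> 6.0 seconds
    failures = []                              # times of recorded failures
    blocked = []
    for n, t in enumerate(attempt_times, start=1):
        flag_set = (
            len(failures) >= 2
            and failures[-1] - failures[-2] < min_gap   # two failures too close together
            and t - failures[-1] <= min_gap             # caller has not waited it out
        )
        if flag_set:
            blocked.append(n)                  # assumption: blocked attempts are not recorded
        else:
            failures.append(t)
    return blocked

def window_throttle(attempt_times, threshold=10, range_seconds=60):
    """Model of the count reading: block once `threshold` failures sit in the window."""
    failures = deque()
    blocked = []
    for n, t in enumerate(attempt_times, start=1):
        while failures and t - failures[0] >= range_seconds:
            failures.popleft()                 # drop failures older than the window
        if len(failures) >= threshold:
            blocked.append(n)
        else:
            failures.append(t)
    return blocked

if __name__ == "__main__":
    # Constructed samples: seconds since the first attempt.
    samples = {
        "three attempts, 2 s apart": [0, 2, 4],
        "two fast, then a 7 s wait": [0, 2, 9],
        "twelve attempts, 4 s apart": list(range(0, 48, 4)),
        "twelve attempts, 7 s apart": list(range(0, 84, 7)),
    }
    for label, times in samples.items():
        print(f"{label}: rate model blocks {rate_throttle(times)}, "
              f"window model blocks {window_throttle(times)}")
```
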
