> I have made 4 attempts in less than 120s.
> Configuration is a threshold of 2 for a range of 120s:
Those parameters define the _average_ authentication failure threshold rate. Thus you have defined an average failure rate of 1 per minute. That seems overly strict to me, but perhaps it makes sense for your environment.

Your failed login timestamps:

2013-02-21 15:14:32,617
2013-02-21 15:14:34,493
2013-02-21 15:14:37,313
2013-02-21 15:14:43,241

Throttling should have been applied on the third login attempt since it occurred well under the threshold. (You'd have to wait 60s to reauthenticate.)

Can you post your complete throttle wiring for review? I suspect it's not properly wired into the handler interceptor.

M
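Added example, not part of the original message and not CAS code: a small Python model of the arithmetic in the reply above, replaying the four quoted timestamps against a threshold of 2 over a 120s range. The decision rule in `is_throttled` is an assumption chosen to be consistent with the reply's statements, and all function names are hypothetical.

```python
from datetime import datetime, timedelta

FAILURE_THRESHOLD = 2        # from the thread: threshold of 2
FAILURE_RANGE_SECONDS = 120  # from the thread: range of 120s

# The four failed-login timestamps quoted in the reply.
FAILED_LOGINS = [
    "2013-02-21 15:14:32,617",
    "2013-02-21 15:14:34,493",
    "2013-02-21 15:14:37,313",
    "2013-02-21 15:14:43,241",
]

def parse(ts):
    return datetime.strptime(ts, "%Y-%m-%d %H:%M:%S,%f")

def min_spacing(threshold=FAILURE_THRESHOLD, range_seconds=FAILURE_RANGE_SECONDS):
    """Seconds between failures that an average rate of threshold/range allows."""
    return range_seconds / threshold

def is_throttled(recorded, now, threshold=FAILURE_THRESHOLD,
                 range_seconds=FAILURE_RANGE_SECONDS):
    """Assumed rule (not the CAS implementation): throttle when at least
    `threshold` failures are on record inside the range and the newest one
    is younger than the allowed spacing."""
    window_start = now - timedelta(seconds=range_seconds)
    recent = sorted(t for t in recorded if window_start <= t <= now)
    if len(recent) < threshold:
        return False
    since_last = (now - recent[-1]).total_seconds()
    return since_last < min_spacing(threshold, range_seconds)

def replay(timestamps):
    """Feed failed attempts in order; return one throttle decision per attempt."""
    recorded, decisions = [], []
    for ts in timestamps:
        now = parse(ts)
        decisions.append(is_throttled(recorded, now))
        recorded.append(now)  # assumption: every attempt is recorded as a failure
    return decisions

if __name__ == "__main__":
    for ts, blocked in zip(FAILED_LOGINS, replay(FAILED_LOGINS)):
        print(ts, "THROTTLED" if blocked else "processed")
```

If a deployment with these settings processes all four attempts, as in the quoted report, the throttle is not evaluating requests at all, which points at wiring rather than at the threshold values.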
