Support Article

Failed login count with Pega 7.2.1

SA-36456

Summary



When user uses the external authentication, the security policies does not get applied but user has requirement to filter client IP address, so they use PRCustom and created authentication activity.

On the activity they created password check and it acted correctly.

But the security policy does not work, they set "Failed login attempts before employing authentication lockout penalty" as "3", and when entered wrong password more than three times, nothing happens.


Error Messages



Not Applicable


Steps to Reproduce



Not Applicable


Root Cause



Security policies are not applied when custom authentication is used.

Resolution



Perform the following local-change:

For PRCustom authentication "authentication lockout penalty mechanism" can be enabled and is applicable only when "Use SSL" is enabled.

This can be enabled in the custom tab of Authentication Service rule.


Published April 13, 2017 - Updated May 2, 2017

Have a question? Get answers now.

Visit the Collaboration Center to ask questions, engage in discussions, share ideas, and help others.