Skip to main content

This content has been archived and is no longer being updated. Links may not function; however, this content may be relevant to outdated versions of the product.

Support Article

Hybrid Client does not enforce auth lockout rules offline

SA-48161

Summary



Under Designer Studio>Org & Security>Authentication>Security Policies, user can define a lockout penalty mechanism which affects desktop clients.

The intent is that the same policies will be enforced in the hybrid client while offline. This prevents user from placing the device in airplane mode and then attempting to guess the password multiple times while offline.

One of the settings provides for a delay between authentication attempts after a certain number of failed logins.

That setting does not appear to be working.

Error Messages



Not Applicable


Steps to Reproduce



1. Set the lockout penalty mechanism to Enabled, the number of failed attempts to five, and the lockout penalty to 30 seconds.
2. Build and install an offline-enabled iOS application.
3. Place the device in airplane mode and attempt to log in with a bad password more than five times.
4. Observe that the user is not subject to a delay in between subsequent login attempts.


Root Cause



A defect in Pegasystems’ code or rules.

Resolution



Update to Pega 7.3.1 to resolve the issue.

 

Tags:

Pega Platform 7.3 Pega Platform Platform

Published July 23, 2018 - Updated October 8, 2020

Was this useful?

0% found this useful

Have a question? Get answers now.

Visit the Collaboration Center to ask questions, engage in discussions, share ideas, and help others.

Visit the Collaboration Center

Did you find this content helpful?

Yes
No

Want to help us improve this content?
Suggest an edit

We'd prefer it if you saw us at our best.

Pega Community has detected you are using a browser which may prevent you from experiencing the site as intended. To improve your experience, please update your browser.

Close Deprecation Notice
Contact us