Support Article
Hybrid Client does not enforce auth lockout rules offline
SA-48161
Summary
Under Designer Studio > Org & Security > Authentication > Security Policies, a user can define a lockout penalty mechanism that affects desktop clients.
The intent is that the same policies are enforced in the hybrid client while offline. This prevents a user from placing the device in airplane mode and then attempting to guess the password multiple times while offline.
One of the settings provides for a delay between authentication attempts after a certain number of failed logins.
That setting does not appear to be working.
Error Messages
Not Applicable
Steps to Reproduce
1. Set the lockout penalty mechanism to Enabled, the number of failed attempts to five, and the lockout penalty to 30 seconds.
2. Build and install an offline-enabled iOS application.
3. Place the device in airplane mode and attempt to log in with a bad password more than five times.
4. Observe that the user is not subject to a delay between subsequent login attempts.
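To confirm the behavior in step 4 before and after the update, the attempt times noted during the test can be checked against the configured policy. The script below is an added example, not Pega code. It assumes a constant penalty after the threshold is reached and a failure counter that resets on a successful login; the property names, function name, and sample timings are constructed for illustration.

```javascript
"use strict";

// Values from the reproduce steps; the property names are hypothetical.
const POLICY = { enabled: true, maxFailedAttempts: 5, penaltySeconds: 30 };

// Returns every attempt the client evaluated although the lockout delay had
// not yet elapsed. Assumes attempts are sorted by time and that a successful
// login resets the failure counter.
function findUnthrottledAttempts(attempts, policy) {
  if (!policy.enabled) return [];
  const violations = [];
  let failures = 0;
  let lastFailureAt = null;
  for (const a of attempts) {
    const locked = failures >= policy.maxFailedAttempts;
    const wait = locked ? lastFailureAt + policy.penaltySeconds - a.t : 0;
    if (wait > 0) {
      violations.push({ t: a.t, failuresBefore: failures, secondsTooEarly: wait });
    }
    if (a.ok) {
      failures = 0;
      lastFailureAt = null;
    } else {
      failures += 1;
      lastFailureAt = a.t;
    }
  }
  return violations;
}

// Constructed samples: t = seconds since the first attempt, ok = password accepted.
// First list: a client that accepts a new attempt every 4 seconds (the defect).
const defectiveClient = [0, 4, 8, 12, 16, 20, 24].map((t) => ({ t, ok: false }));
// Second list: a client that waits 30 seconds after the fifth failure.
const enforcingClient = [0, 4, 8, 12, 16, 46, 76].map((t) => ({ t, ok: false }));

console.log(findUnthrottledAttempts(defectiveClient, POLICY));
console.log(findUnthrottledAttempts(enforcingClient, POLICY));
```

An empty result means every attempt after the fifth failure waited out the full penalty.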
Root Cause
A defect in Pegasystems’ code or rules.
Resolution
Update to Pega 7.3.1 to resolve the issue.
Published July 23, 2018 - Updated October 8, 2020