Hello,

I'm looking for a feature of CAS 6.3 that will allow me to lock or limit 
users after a few failed login attempts. I have tried the failure throttling 
<https://apereo.github.io/cas/6.3.x/installation/Configuring-Authentication-Throttling.html#failure-throttling> 
module but find it confusing and not quite what I'm looking for.

The failure throttling module seems like it can only detect 2 auth failures 
if the second one comes in very quickly (fast enough to be caught by the 
defined threshold per secondRange rate). If someone slows down their 
authentication attempts so they occur once every second, they'll never be 
caught, right? Also, 3 failed attempts over 15 seconds has the same effect 
as 2 failed attempts over 10 seconds, so if you only fail 2, you won't be 
allowed to try a third time. 

Is there another feature that would let me define an actual amount of 
failed logins over a period of time instead of a rate? 
