Posted: 16 May 2018 12:15 EDT Last activity: 21 Jun 2018 10:01 EDT
PRSecurityException with lockout penalty enabled
The security policy landing page allows us to configure a lockout penalty after a certain number of failed attempts. One option is to lock the account, the other is to impose an increasing delay after each failed login attempt.
After 3 failed login attempts, Pega throws a PRSecurityException and displays the Status Fail message. This prevents the lockout penalty mechanism from working. Is this still supposed to happen when the authentication lockout penalty mechanism is enabled?