ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.
Is there a way to avoid a Brute Force Attack to lock all user accounts from my User Store?
Article ID: 52250
Updated On:
Products
CA Single Sign On Secure Proxy Server (SiteMinder)
CA Single Sign On SOA Security Manager (SiteMinder)
CA Single Sign-On
Issue/Introduction
Description:
How to avoid a Brute Force Attack to lock all user accounts from my User Store?
Solution:
To stop a Brute Force Attack from the internet against your User Store, you have first to filter requests by IP's on:
- Firewall
- Reverse proxy
And you can avoid getting massive locked accounts by setting the Password Policy to re-enable the User's account after a period of time by the "Expiration" Tab of the Password Policy.
Environment
Release:
Component: SMPLC
Component: SMPLC
Feedback
Yes
No
Powered by
