Security Policy Customization - DEPRECATED

Last modified 22 Apr 2021 17:31 +02:00
Deprecated
This functionality is deprecated. The functionality is still supported and maintained, but it will no longer be extended. The plan is to remove this functionality sooner or later. Users of this functionality are strongly encouraged to stop using this functionality and migrate to a newer equivalent. Please use the replacement functionality instead.

This page will guide you through midPoint security policy settings.

Maximum Number of Failed Logins

Maximum Number of Failed Logins limits the number of successive unsuccessful user login attempts. If the limit is exceeded, the user is locked and cannot log in until the "Login Timeout" time has passed. By default, Maximum Number of Failed Logins is set to 3.
To change Maximum Number of Failed Logins, edit the file <tomcat>\webapps\midpoint\WEB-INF\ctx-security.xml and find the "maxFailedLogins" property in the "midPointAuthenticationProvider" section:

<beans:bean id="midPointAuthenticationProvider" class="com.evolveum.midpoint.web.security.MidPointAuthenticationProvider">
  ...
  <beans:property name="maxFailedLogins">
    <beans:value type="java.lang.Integer">3</beans:value>
  </beans:property>
</beans:bean>

You have to restart the application server after this change.

Do not change anything else unless you know what you are doing.

Login Timeout

Login Timeout specifies how long (in minutes) the user stays locked after the "Maximum Number of Failed Logins" is reached. By default, Login Timeout is set to 15 minutes, which means the user will be able to log in again after 15 minutes.
To change Login Timeout, edit the file <tomcat>\webapps\midpoint\WEB-INF\ctx-security.xml and find the "loginTimeout" property in the "midPointAuthenticationProvider" section:

<beans:bean id="midPointAuthenticationProvider" class="com.evolveum.midpoint.web.security.MidPointAuthenticationProvider">
  <beans:property name="loginTimeout">
    <beans:value type="java.lang.Integer">15</beans:value>
  </beans:property>
  ...
</beans:bean>

You have to restart the application server after this change.

Do not change anything else unless you know what you are doing.
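
A check for both settings above, as an added example that is not part of the original page or of midPoint itself: it reads "maxFailedLogins" and "loginTimeout" from the "midPointAuthenticationProvider" bean and flags values that weaken the lockout. The sample XML is constructed, and the beans namespace URI, the function names and the review bounds (at most 10 attempts, at least 5 minutes) are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Assumption: the beans: prefix maps to the standard Spring beans namespace.
NS = {"beans": "http://www.springframework.org/schema/beans"}
BEAN_ID = "midPointAuthenticationProvider"
PROPERTIES = ("maxFailedLogins", "loginTimeout")

# Constructed sample for illustration, not a real ctx-security.xml.
SAMPLE = """<beans:beans xmlns:beans="http://www.springframework.org/schema/beans">
  <beans:bean id="midPointAuthenticationProvider"
      class="com.evolveum.midpoint.web.security.MidPointAuthenticationProvider">
    <beans:property name="loginTimeout">
      <beans:value type="java.lang.Integer">0</beans:value>
    </beans:property>
    <beans:property name="maxFailedLogins" value="50"/>
  </beans:bean>
</beans:beans>"""


def read_lockout_settings(xml_text):
    """Return {property name: int, or None if the property is absent or empty}."""
    root = ET.fromstring(xml_text)
    bean = root.find(f".//beans:bean[@id='{BEAN_ID}']", NS)
    if bean is None:
        raise ValueError(f"bean {BEAN_ID!r} not found")
    settings = {}
    for name in PROPERTIES:
        prop = bean.find(f"beans:property[@name='{name}']", NS)
        raw = None
        if prop is not None:
            # Spring accepts a nested <value> element or a value="..." attribute.
            nested = prop.find("beans:value", NS)
            raw = nested.text if nested is not None else prop.get("value")
        settings[name] = int(raw.strip()) if raw else None
    return settings


def review(settings, max_attempts=10, min_timeout=5):
    """Flag values outside the given bounds (bounds are illustrative assumptions)."""
    findings = []
    attempts, timeout = settings["maxFailedLogins"], settings["loginTimeout"]
    if attempts is None or not 1 <= attempts <= max_attempts:
        findings.append(f"maxFailedLogins={attempts}: outside 1..{max_attempts}")
    if timeout is None or timeout < min_timeout:
        findings.append(f"loginTimeout={timeout}: below {min_timeout} minutes")
    return findings


if __name__ == "__main__":
    for finding in review(read_lockout_settings(SAMPLE)):
        print("REVIEW:", finding)
```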