Temporary locking configuration in the JSP-Loginapp

Temporary Locking is activated by editing the corresponding settings in Loginapp >> Authentication Settings > Locking Settings > Temporary Locking Settings (HTML):

Configuration example

Temporary locking is a global setting that applies to all applications simultaneously once it is configured as follows:


The settings are used to calculate the time according to the following formula: 

(Base Duration) * (Exponential Factor)^(n-1) + (Additional Duration)*(n-1)

The following screenshot (from the Config Editor Testlet) shows the progression for the first ten failed login attempts for the above example.


Disabling temporary locking

Temporary locking cannot be disabled, but it can be configured so that repeated failed login attempts will not increase the waiting time between attempts.

Use the following parameters to do so:


The parameters Base Duration and Delay Between Login Steps should never be set below their default values since this protects the login application against timing attacks.

The Temporary Locking Settings should also be configured in the Adminapp (Adminapp >> Users >> Locking Settings >> Temporary Locking

This configuration enables the proper rendering of temporary locking information on the user detail page.