Modify the account lockout settings

Available in versions: 6.3.4 and later

As a security measure, Deployment Automation locks out a user account for 30 minutes after 5 unsuccessful login attempts in a row. You can disable the lockout mechanism or change the default lockout time by modifying the server's da_config.xml file.

To change the account lockout settings:

  1. Navigate to the Common Tomcat da\WEB-INF\classes directory, for example:

    C:\Program Files\Micro Focus\common\tomcat\9.0\webapps\da\WEB-INF\classes

  2. Open the web application's da_config.xml file. This file contains your current account lockout settings.
  3. Copy the <userLockoutAutoReleaseConfig> section from the da_config.xml file.

    For example:

    Copy code
    <userLockoutAutoReleaseConfig>
       <enabled>true</enabled>
       <heartBeatInMinutes>5</heartBeatInMinutes>
       <unlockDelayInMinutes>30</unlockDelayInMinutes>
    </userLockoutAutoReleaseConfig>
  4. Navigate to the DA user profile directory where the DA server configuration is stored, for example:

    C:\Users\<username>\.microfocus\da\conf\server

  5. Open the DA user profile's da_config.xml file and paste the copied <userLockoutAutoReleaseConfig> section there.

    Note: Deployment Automation contains two da_config.xml files, one in the web application and one in the DA user profile. After the server upgrade, the web application's da_config.xml settings are restored to default. To make your modifications permanent, you need to store them in the da_config.xml file located in the DA user profile directory.

  6. In the <userLockoutAutoReleaseConfig> section, modify the following settings as needed:

    Setting Description
    enabled The account lockout mechanism is enabled by default. To turn off the lockout protection (not recommended), set this parameter to false.
    heartBeatInMinutes

    The amount of time, in minutes, Deployment Automation may take to unlock the account.

    The default heartbeat interval is 5 minutes.

    unlockDelayInMinutes

    The lockout interval, in minutes, during which the account remains locked after 5 unsuccessful login attempts or each subsequent unsuccessful login attempt.

    The default lockout interval is 30 minutes. When the lockout interval ends, the account is unlocked automatically.

    For details on how to manually unlock a user account in the Deployment Automation web interface, see Unlock user accounts.

    Example: Suppose you set the lockout interval to 30 minutes and the heartbeat interval to 10 minutes. This way, if a user account is locked out at 4:30 pm, it will be unlocked between 5:00 and 5:10 pm. But if the user makes another unsuccessful login attempt at 4:45 pm, the lockout interval starts over, and the account will be unlocked between 5:15 and 5:25 pm.

    To change the lockout threshold, which by default is set to 5 login attempts, modify the parameters of your Internal Storage authentication realm. For details, see Add an Internal Storage authentication realm.

  7. Save the da_config.xml file.
  8. Restart Common Tomcat.

Back to top

See also: