Configuring Gift and Loyalty Lockout Settings

After you install the Gift and Loyalty application and database, you can configure database settings that control how the system handles account lockouts.

1. Connect to the Gift and Loyalty database.
2. Configure the following options in the iCare_config_Options table:

   Option	Description
   iCard.lockout.numTries	The unsuccessful login attempt on which the system locks the account or blocks the IP address. The default value is 10.
   iCard.lockout.evaluationTimeInSecs	Number of seconds over which the system tracks successful and unsuccessful login requests. The default value is 5 seconds.
   iCard.lockout.lockoutTimeInMins	Number of minutes for which the system locks the account. The default is 240 minutes.

3. To whitelist IP addresses, add the addresses to the icare_whitelisted_ips database table.

The system evaluates iCare_config_Options settings as follows:

• The system evaluates the iCard.lockout.numTries and iCard.lockout.evaluationTimeInSecs values to determine if an IP address is blocked. It is possible for an IP address to be blocked even if an account is not locked.

  Using the default values as an example, if 10 attempts are made from the same IP address within 5 seconds, the IP address is blocked for the duration defined in iCard.lockout.lockoutTimeInMins (default: 240).

• The system evaluates the iCard.lockout.numTries to determine if the account is locked.

  Using the default values as an example, if 10 consecutive unsuccessful login attempts are made to an account, the account is locked for the duration defined in iCard.lockout.lockoutTimeInMins (default: 240).

When you make changes to the icare_whitelisted_ips table and iCare_config_Options table, the changes do not take effect for approximately 15 minutes. Restart the Gift and Loyalty application server to immediately implement the changes.