Setting name

Description

<%GS_USERSESSIONALLOWNEWSESSIONS%>

If set to false no new user sessions can be created. The server is the closed. Existing sessions will stay untouched.

Default: true

User sessions & security: Authentication slowing threshold

Number of consecutive failed authentication attempts after which the server automatically slows down the response to authentication attempts.

Default: 100

User sessions & security: Authentication locking threshold

Number of consecutive failed authentication attempts after which a user is locked. See Repeated authentication failure for details

Default: 10

User sessions & security: Default User session timeout [s]

The default threshold in seconds after which a user session is considered as idle. This default value is used for newly created user sessions if the client does not negotiate another session timeout with the Application Server.

Default: 1800 seconds.

User sessions & security: Maximum allowed user session timeout [s]

Clients can negotiate a user session idling threshold with the Application Server that is anywhere between 300 seconds and this value.

Default: 3600 seconds

Validation: ≥ 300

User session abandoned threshold

The threshold in in hours after which a user session is considered as abandoned.

Default value: 2h

Validation: ≥ 0.25 and ≤ 168

User sessions & security: Maximum password age [d]

Time span in days after which users have to change their password.

Default: 3650