Password Filter

Use this option to set the password filter synchronization mode (see Synchronization mode).

• Asynchronous. If in asynchronous mode, password change requests are queued and propagated asynchronously to the domain controller.

• Synchronous. If in synchronous mode, password change requests are propagated immediately while the domain controller is being blocked waiting for successful password synchronization.

The default setting is Asynchronous.

Select this option to allow password changes when the password filter is disabled. If the password filter is disabled and a user changes the password, it is no longer synchronized with the password stored by OneSpan Authentication Server.

Clear this option to prevent password changes when the password filter is disabled. In this case, users will receive an error message when trying to change their passwords.

Select this option to allow password changes, even if no connection to the OneSpan Authentication Server instance can be established. If you select this option and a user changes the password, it is no longer synchronized with the password stored by OneSpan Authentication Server.

Clear this option to prevent password changes, unless a connection to the OneSpan Authentication Server instance can be established. In that case, the user will receive an error message that the password does not meet the complexity requirements.

This option is available only if Password filter mode is set to Synchronous.

Enter the time span how long an idle connection to a OneSpan Authentication Server instance is kept before it is closed. This option can be used to optimize network communication, since not every password change request requires establishing a new connection. However, if this timeout is set too high, network connections may be left open unnecessarily. The value is in milliseconds.

The default setting is 30000.

Enter the time span after which the password filter retries to establish a connection to a OneSpan Authentication Server instance after an unsuccessful connection attempt. The value is in milliseconds.

This option is available only if Password filter mode is set to Asynchronous.

The default setting is 15000.

Enter the maximum time span to establish a connection to a OneSpan Authentication Server instance. After the timeout, the connection attempt is considered unsuccessful and fails. The value is in milliseconds.

This option is available only if Password filter mode is set to Synchronous.

The default setting is 3000.

Enter the maximum time span to serve a password change request by a OneSpan Authentication Server instance after a connection has been established. After the timeout, the password change request is delayed and attempted to be finished asynchronously to prevent the domain controller from being blocked indefinitely. If the password change request cannot be successfully processed asynchronously, it fails. The value is in milliseconds.

This option is available only if Password filter mode is set to Synchronous.

The default setting is 3000.

Enter the number of password change requests delayed and added to the password change queue. Password change requests remain in the password change queue until they are processed. When Password Synchronization Manager is disabled or restarted, the password change queue is flushed and all pending password change requests fail. If the password change queue is full, new password change requests are ignored and not synchronized with the OneSpan Authentication Server database.

The default setting is 1000.