To configure session quota constraints, the top-level Access Manager administrator (such as amAdmin) must set specific attributes in the Access Manager Console for one of the Access Manager instances in your deployment.
Log in to Access Manager Console as a top-level Access Manager administrator (such as amAdmin) .
Set the following attributes in the Access Manager Console for one of the Access Manager instances.
Enable Quota Constraints is a global attribute that enables or disables the session quota constraints feature. If this attribute is enabled, Access Manager enforces session quota constraints whenever a user attempts to logs in via a new client (and thus create a new session).
The default is disabled (OFF).
Read Timeout for Quota Constraint defines the time in milliseconds that an inquiry to the session repository for the active user session counts continues before timing out. If the maximum wait time is reached due to the unavailability of the session repository, the session creation request is rejected.
The default is 6000 milliseconds.
Resulting Behavior If Session Quota Exhausted determines the behavior if a user exhausts the session constraint quota. This attribute takes effect only if the “Enable Quota Constraints” attribute is enabled. Values can be:
DENY_ACCESS. Access Manager rejects the login request for a new session.
DESTROY_OLD_SESSION. Access Manager destroys the next expiring existing session for the same user and allows the new login request to succeed.
The default is DESTROY_OLD_SESSION.
Exempt Top-Level Admins From Constraint Checking specifies whether session constraint quotas apply to the administrators who have the Top-level Admin Role. This attribute takes effect only if the “Enable Quota Constraints” attribute is enabled.
The default is NO.
The super user defined for Access Manager in the AMConfig.properties file (com.sun.identity.authentication.super.user) is always exempt from session quota constraint checking.
Active User Sessions defines the maximum number of concurrent sessions for a user. Access Manager includes both a dynamic attribute and a user attribute, with same attribute name.
The default is 5.
If you reset any of these attributes, you must restart the server for the new value to take effect.
When you have finished click Save.