Sun OpenSSO Enterprise Policy Agent 3.0 User's Guide for J2EE Agents

Login Attempt Limit in J2EE Agents

When a user tries to access a protected resource without having authenticated with OpenSSO Enterprise Authentication Services, the request is treated as a request with insufficient credentials. The default action taken by the agent when it encounters such a request is to redirect the user to the next available login URL as configured with the property labeled Login Attempts Limit (Tab: Global, Name: com.sun.identity.agents.config.login.attempt.limit).

Despite the repeated redirects performed by the agent, the user could still be unable to furnish the necessary credentials. In such a case, the agent can be directed to block such a request.

If a non-zero positive value is specified for this property, the agent allows only that many attempts before it blocks an access request that lacks the necessary credentials. When the property is set to zero, this feature is disabled.

To guard against potential denial-of-service attacks on your system, enable this feature.
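
The following check is an added example, not part of the original guide or of the agent's own code. It audits agent configuration text for the Login Attempts Limit property and reports whether the feature is enabled. It assumes the configuration is available as Java-style properties text; the function names and sample inputs are constructed for illustration.

```python
import re

# Property name as given in the guide (Tab: Global).
PROP = "com.sun.identity.agents.config.login.attempt.limit"

# Constructed sample inputs, not taken from a real deployment.
SAMPLE_DISABLED = "# constructed sample\n" + PROP + " = 0\n"
SAMPLE_ENABLED = "! constructed sample\n" + PROP + "=5\n"

def parse_properties(text):
    """Parse simple Java-style properties text (no line continuations).

    Accepts 'key=value', 'key: value' and 'key value'; '#' and '!' start
    comments; a later duplicate key overrides an earlier one.
    """
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        match = re.match(r"([^=:\s]+)\s*[=:]?\s*(.*)$", line)
        if match:
            props[match.group(1)] = match.group(2).strip()
    return props

def audit_login_attempt_limit(text):
    """Return (status, detail) for the Login Attempts Limit setting."""
    props = parse_properties(text)
    if PROP not in props:
        return ("not_set", "property absent from this configuration text")
    value = props[PROP]
    try:
        limit = int(value)
    except ValueError:
        return ("invalid", "value %r is not an integer" % value)
    if limit == 0:
        return ("disabled", "0 disables the login attempt limit")
    if limit < 0:
        return ("invalid", "the guide defines only zero and positive values")
    return ("enabled", "requests are blocked after %d attempts" % limit)

if __name__ == "__main__":
    for name, text in (("disabled", SAMPLE_DISABLED), ("enabled", SAMPLE_ENABLED)):
        print(name, audit_login_attempt_limit(text))
```

A result of `disabled` or `not_set` marks an agent to review against the recommendation above.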