Retry Limit Decision node

The Retry Limit Decision node tracks failed authentications. If the number of failed authentications is below a specified Retry Limit, the user can attempt authentication again. Otherwise, the node continues evaluation along the Reject outcome path.

Compatibility

Product	Compatible?
Advanced Identity Cloud	Yes
PingAM (self-managed)	Yes
Ping Identity Platform (self-managed)	Yes

Product

Compatible?

Advanced Identity Cloud

Yes

PingAM (self-managed)

Yes

Ping Identity Platform (self-managed)

Yes

Inputs

This node requires the realm and username properties in the incoming node state.

Implement a Platform Username node before this node in the journey.

Dependencies

This node has no dependencies.

Configuration

Property Usage

Property	Usage
Retry limit	Specify the number of retries to allow. Default: `3`
Save Retry Limit to User	Specify whether the number of failed login attempts persists across multiple journeys until authentication is successful. Possible values are: Enabled The node saves the number of failed login attempts to the `retryLimitNodeCount` attribute in the user’s profile. New flows using this node start with the stored value and continue to the retry limit. PingOne Advanced Identity Cloud resets the count after the user authenticates successfully with an authentication journey that contains this node. If PingOne Advanced Identity Cloud can’t find the user’s profile, authentication ends with an error. Disabled The node saves the number of failed login attempts in a shared state property named `nodeId.retryCount` and discards the value when the authentication journey ends. For security reasons, you should enable this setting. Default: Enabled.

Retry limit

Specify the number of retries to allow.

Default: 3

Save Retry Limit to User

Specify whether the number of failed login attempts persists across multiple journeys until authentication is successful. Possible values are:

Enabled: The node saves the number of failed login attempts to the retryLimitNodeCount attribute in the user’s profile. New flows using this node start with the stored value and continue to the retry limit.

PingOne Advanced Identity Cloud resets the count after the user authenticates successfully with an authentication journey that contains this node.

If PingOne Advanced Identity Cloud can’t find the user’s profile, authentication ends with an error.
Disabled: The node saves the number of failed login attempts in a shared state property named nodeId.retryCount and discards the value when the authentication journey ends.

For security reasons, you should enable this setting.

Default: Enabled.

Outputs

If Save Retry Limit to User is enabled, the node increments the retry count and saves the number of failed attempts to the retryLimitNodeCount attribute in the user’s profile. If the user can’t be identified during the journey, the journey ends with an error.

If Save Retry Limit to User is disabled, the node increments the retry count and saves the number of failed attempts to a shared state property named nodeId.retryCount. The count is lost if the journey is restarted.

Outcomes

Retry: The user hasn’t exceeded the number of allowed retries and can attempt authentication again.
Reject: The user has exceeded the number of allowed retries.

Errors

This node can log the following:

Warnings

Error clearing attribute

The node can’t reset the retryLimitNodeCount user attribute after the user has successfully authenticated.

Errors

Error getting current retry count

The node can’t retrieve the current retry count.
Failed to save retryLimitNodeCount to user: Identity Repo has not been upgraded.

The node can’t save retry count details to the retryLimitNodeCount user attribute during the authentication flow.
Error setting retry count on user attribute

The node can’t increment the retry count on the retryLimitNodeCount user attribute during the authentication flow.

These warnings and errors typically occur if the identity store is unreachable or the user no longer exists.

Examples

This example uses the Retry Limit Decision node to allow a user three attempts to authenticate. Otherwise, their account is locked.

A RetryLimit authentication journey, showing Retry Limit Decision node use.

The Page node containing the Platform Username node and Platform Password node prompts for credentials.
The Data Store Decision node validates the username-password credentials.
The Increment Login Count node updates the number of successful authentications in the user profile.
The Retry Limit Decision node is configured to allow three login attempts and either retries the login attempt or rejects it depending on the number of failed attempts.
The Account Lockout node locks the user’s account on their fourth failed attempt.