--- title: Retry Limit Decision node description: The Retry Limit Decision node tracks failed authentications. If the number of failed authentications is below a specified Retry Limit, the user can attempt authentication again. Otherwise, the node continues evaluation along the Reject outcome path. component: auth-node-ref version: latest page_id: auth-node-ref::retry-limit-decision canonical_url: https://docs.pingidentity.com/auth-node-ref/latest/retry-limit-decision.html keywords: ["Nodes & Trees", "Journeys", "Authentication"] page_aliases: ["auth-node-retry-limit-decision.adoc"] superseded_by: https://docs.pingidentity.com/auth-node-ref/latest/retry-limit-decision.html section_ids: example: Example availability: Availability inputs: Inputs dependencies: Dependencies configuration: Configuration outputs: Outputs outcomes: Outcomes errors: Errors --- # Retry Limit Decision node The Retry Limit Decision node tracks failed authentications. If the number of failed authentications is below a specified Retry Limit, the user can attempt authentication again. Otherwise, the node continues evaluation along the `Reject` outcome path. ## Example This example uses the Retry Limit Decision node to allow a user three attempts to authenticate. Otherwise, their account is locked. ![A RetryLimit authentication journey, showing Retry Limit Decision node use.](_images/retry-limit-decision-journey.png) * The [Page node](page.html) containing the [Platform Username node](platform-username.html) and [Platform Password node](platform-password.html) prompts for credentials. * The [Data Store Decision node](data-store-decision.html) validates the username-password credentials. * The [Increment Login Count node](increment-login-count.html) updates the number of successful authentications in the user profile. * The Retry Limit Decision node is configured to allow three login attempts and either retries the login attempt or rejects it depending on the number of failed attempts. * The [Account Lockout node](account-lockout.html) locks the user's account on their fourth failed attempt. ## Availability | Product | Available? | | ------------------------------------- | ---------- | | PingOne Advanced Identity Cloud | Yes | | PingAM (self-managed) | Yes | | Ping Identity Platform (self-managed) | Yes | ## Inputs This node requires the `realm` and `username` properties in the incoming node state. Implement a [Platform Username node](platform-username.html) earlier in the journey. ## Dependencies This node has no dependencies. ## Configuration | Property | Usage | | ------------------------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | Retry limit | Specify the number of retries to allow\.Default: `3` | | Save Retry Limit to User | Specify whether the number of failed login attempts persists across multiple journeys until authentication is successful. Possible values are:- Enabled The node saves the number of failed login attempts to the `retryLimitNodeCount` attribute in the user's profile. New flows using this node start with the stored value and continue to the retry limit. Advanced Identity Cloud resets the count after the user authenticates successfully with an authentication journey that contains this node. If Advanced Identity Cloud can't find the user's profile, authentication ends with an error. - Disabled The node saves the number of failed login attempts in a shared state property named `nodeId.retryCount` and discards the value when the authentication journey ends.For security reasons, you should enable this setting.Default: Enabled. | ## Outputs If Save Retry Limit to User is enabled, the node increments the retry count and saves the number of failed attempts to the `retryLimitNodeCount` attribute in the user's profile. If the user can't be identified during the journey, the journey ends with an error. If Save Retry Limit to User is disabled, the node increments the retry count and saves the number of failed attempts to a shared state property named `nodeId.retryCount`. The count is lost if the journey is restarted. ## Outcomes * `Retry` The user hasn't exceeded the number of allowed retries and can attempt authentication again. * `Reject` The user has exceeded the number of allowed retries. ## Errors This node can log the following: * Warnings * `Error clearing attribute` The node can't reset the `retryLimitNodeCount` user attribute after the user has successfully authenticated. * Errors * `Error getting current retry count` The node can't retrieve the current retry count. * `Failed to save retryLimitNodeCount to user: Identity Repo has not been upgraded.` The node can't save retry count details to the `retryLimitNodeCount` user attribute during the authentication flow. * `Error setting retry count on user attribute` The node can't increment the retry count on the `retryLimitNodeCount` user attribute during the authentication flow. These warnings and errors typically occur if the identity store is unreachable or the user no longer exists.