We couldn’t sign you in. Too many failed login attempts. Try again later

I’m reposting this from the original that i posted on 8-April-2024 as it went unanswered, and i semi-regularly run into this issue on new installations.

Following a fresh installation of Redwood I’m unable to sign-in, and it appears that this might be due to more than one configuration error on my part, hence this post. I get the response, “We couldn’t sign you in. Too many failed login attempts. Try again later.” on any and all attempts to sign-in.

More diagnostics:

  1. I see this message in the javascript console for the default mfe sign-in page:
Module configuration error: SESSION_COOKIE_DOMAIN is required by ProcessEnvConfigService.

I’ve verified that SESSION_COOKIE_DOMAIN is correctly set in the lms/cms settings, so apparently i’m supposed to be passing this value from there to somewhere else?

  1. http GET requests to ´/authn/login´ result in a pair of 401 responses from /login_refresh/
  2. I see a POST to login_session that returns a 403. However, i can navigate to this page in my browswer, which returns a JSON-formatted dump of benign user configuration information (see below)

Here’s the complete js console output that I see when i navigate to the sign-in page.

And this is the page output for /login_session/

Hi @lpm0073!
Have you checked the ENABLE_MAX_FAILED_LOGIN_ATTEMPTS, MAX_FAILED_LOGIN_ATTEMPTS_ALLOWED and MAX_FAILED_LOGIN_ATTEMPTS_LOCKOUT_PERIOD_SECS settings? They control the number of failed login attempts in the backend.

I had this issue once, and it turned out Redis was unreachable which caused it. Many other factors could cause the login attempt count to be incorrect.

Thanks for the suggestion. Interestingly, third party oauth works fine, so the problem seems specific to the email/password fields in the auth mfe reactapp.