Problem statement
A log entry with the below description was found in the tenant logs.
Too many logins with the same username
The description was different from the ones triggered by Suspicious IP Throttling or Brute Force Protection.
This article clarifies the cause of this error message.
Symptoms
- “type”: “limit_sul”
- “description”: “Too many logins with the same username”
{
"date": "2024-03-08T03:55:51.629Z",
"type": "limit_sul",
"description": "Too many logins with the same username",
"connection": "testdatabase",
"connection_id": "con_k6twCf0BgMsZBTzQ",
"client_id": "I6ir53SuU5yLgl3jl9KimbbOuGTrOuOH",
"client_name": "rwa-test",
"ip": "165.85.0.215",
"user_agent": "Chrome 119.0.6045 / Windows 10.0.0",
"hostname": "[auth.flyingsobamonster.com](http://auth.flyingsobamonster.com/)",
"user_id": "",
"user_name": "[sho.fujita+e2etest@okta.com](mailto:sho.fujita+e2etest@okta.com)",
"$event_schema": {
"version": "1.0.0"
},
"log_id": "90020240308035551765460000000000000001223372045977689948",
"_id": "90020240308035551765460000000000000001223372045977689948",
"isMobile": false,
"id": "90020240308035551765460000000000000001223372045977689948"
}
Steps to reproduce
Make more than 20 login requests on the New Universal Login Page with the same IP and username/email address. (Typically using automation tools such as Selenium, Playwright, etc.)
Cause
The error message Too many logins with the same username will be logged when the Database Login Limit blocks a user. Please see: Database login limits.
Solution
If an error is observed during the load/penetration tests, reduce the request frequency so it can stay under the limit.