Index: lams_common/src/java/org/lamsfoundation/lams/integration/security/SsoHandler.java
===================================================================
diff -u -rf0924238dddb80210e0e088cda5fe967f66ef979 -r55d9ac08e06b1ae80c1daeaeefe145b3907727f1
--- lams_common/src/java/org/lamsfoundation/lams/integration/security/SsoHandler.java (.../SsoHandler.java) (revision f0924238dddb80210e0e088cda5fe967f66ef979)
+++ lams_common/src/java/org/lamsfoundation/lams/integration/security/SsoHandler.java (.../SsoHandler.java) (revision 55d9ac08e06b1ae80c1daeaeefe145b3907727f1)
@@ -158,17 +158,14 @@
 } - // check if user is already logged in - HttpSession existingSession = SessionManager.getSessionForLogin(login); - // store session so UniversalLoginModule can access it SessionManager.startSession(request); String oldSessionID = session.getId(); - + // do the logging in UniversalLoginModule or cache handler.handleRequest(exchange); - + // session ID was changed after log in SessionManager.updateSessionID(oldSessionID);
@@ -186,15 +183,12 @@
 } else { // clear after failed authentication, if it was set in LoginRequestServlet session.removeAttribute("integratedLogoutURL"); - + Integer failedAttempts = user.getFailedAttempts(); - if (failedAttempts == null) { - failedAttempts = 1; - } else { - failedAttempts++; - } - user.setFailedAttempts(failedAttempts); Integer failedAttemptsConfig = Configuration.getAsInt(ConfigurationKeys.FAILED_ATTEMPTS); + // do not allow more failed attempts than limit in config as we may overflow failedAttempts column in DB + failedAttempts = failedAttempts == null ? 1 : Math.min(failedAttempts + 1, failedAttemptsConfig); + user.setFailedAttempts(failedAttempts); if (failedAttempts >= failedAttemptsConfig) { Integer lockOutTimeConfig = Configuration.getAsInt(ConfigurationKeys.LOCK_OUT_TIME);
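Review bot: The comment `// session ID was changed after log in` in the first hunk does not say who changes the ID or why it matters, and that is the security-relevant fact of this sequence: `oldSessionID` is captured before `handler.handleRequest(exchange)`, and `SessionManager.updateSessionID(oldSessionID)` re-keys the manager's entry afterwards, which reads like session-fixation protection where the ID is rotated during login. Suggest `// login rotates the session ID (session-fixation protection, presumably inside handleRequest); re-key SessionManager's entry from the pre-login ID — confirm where the rotation happens`. If `handleRequest` throws, the re-key is skipped and whatever `SessionManager.startSession(request)` registered stays keyed by the stale ID, so it is worth confirming that the caller cleans that up on the failure path. The enclosing method starts and ends outside the hunk.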
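Review bot: The cap in the new `failedAttempts = ...` line of the second hunk is applied only on the non-null branch, so the first failure stores `1` regardless of `failedAttemptsConfig`, and the ternary now unboxes `failedAttemptsConfig` one line earlier than the existing `>=` comparison did; if `Configuration.getAsInt` can return null for an unset key, the NullPointerException simply moves into this line, so confirm the limit is guaranteed to be present. A uniform form reads more clearly and gives the same result for every configured limit of 1 or more: `int attempts = failedAttempts == null ? 0 : failedAttempts;` followed by `failedAttempts = Math.min(attempts + 1, failedAttemptsConfig);`. Note also that once saturated the stored counter no longer distinguishes a handful of failures from a sustained run of failed logins, so if anything downstream reads it for detection and the attempt is not already logged elsewhere, log the failed attempt with the login at this point; the `if (failedAttempts >= failedAttemptsConfig)` body continues outside the hunk.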