Index: lams_common/src/java/org/lamsfoundation/lams/integration/security/SsoHandler.java
===================================================================
diff -u -rd34cc270cb398c4db6fe2b8a04e09bbce8cf76ce -r891f11197fd84289c2a160cd9dc17390a7ec6d19
--- lams_common/src/java/org/lamsfoundation/lams/integration/security/SsoHandler.java (.../SsoHandler.java) (revision d34cc270cb398c4db6fe2b8a04e09bbce8cf76ce)
+++ lams_common/src/java/org/lamsfoundation/lams/integration/security/SsoHandler.java (.../SsoHandler.java) (revision 891f11197fd84289c2a160cd9dc17390a7ec6d19)
@@ -159,9 +159,6 @@
}
- // check if user is already logged in
- HttpSession existingSession = SessionManager.getSessionForLogin(login);
- // store session so UniversalLoginModule can access it
SessionManager.startSession(request);
@@ -188,15 +185,12 @@
} else {
// clear after failed authentication, if it was set in LoginRequestServlet
session.removeAttribute("integratedLogoutURL");
-
+
Integer failedAttempts = user.getFailedAttempts();
- if (failedAttempts == null) {
- failedAttempts = 1;
- } else {
- failedAttempts++;
- }
- user.setFailedAttempts(failedAttempts);
Integer failedAttemptsConfig = Configuration.getAsInt(ConfigurationKeys.FAILED_ATTEMPTS);
+ // do not allow more failed attempts than limit in config as we may overflow failedAttempts column in DB
+ failedAttempts = failedAttempts == null ? 1 : Math.min(failedAttempts + 1, failedAttemptsConfig);
+ user.setFailedAttempts(failedAttempts);
if (failedAttempts >= failedAttemptsConfig) {
Integer lockOutTimeConfig = Configuration.getAsInt(ConfigurationKeys.LOCK_OUT_TIME);
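Review bot: The new cap `Math.min(failedAttempts + 1, failedAttemptsConfig)` in the second hunk assumes the configured limit is a positive number; if `FAILED_ATTEMPTS` is 0 or negative (a common way to express "no lockout"), the counter stored on the user becomes 0 or negative and the unchanged `if (failedAttempts >= failedAttemptsConfig)` then locks the account on the very first failed login. If a non-positive limit is meant to disable the lockout, cap against at least 1 and gate the check, e.g. `failedAttempts = failedAttempts == null ? 1 : Math.min(failedAttempts + 1, Math.max(failedAttemptsConfig, 1));` and `if (failedAttemptsConfig > 0 && failedAttempts >= failedAttemptsConfig) {`. Since `Configuration.getAsInt` is declared to return `Integer`, the `Math.min` call also unboxes it and would throw a NullPointerException if the key is absent, as the comparison already did before; a null check belongs here if the key is optional. The comment's "overflow" rationale only holds if the DB column is narrower than a Java int — presumably it is, but worth stating the column type in the comment. The enclosing method (counter persistence, the lockout branch) continues outside the hunk.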