diff --git a/roles/engineblock/defaults/main.yml b/roles/engineblock/defaults/main.yml
index f267d051d..747da8b2b 100644
--- a/roles/engineblock/defaults/main.yml
+++ b/roles/engineblock/defaults/main.yml
@@ -67,6 +67,12 @@ engine_minimum_execution_time_on_invalid_received_response: 5000
 engine_time_frame_for_authentication_loop_in_seconds: 60
 engine_maximum_authentication_procedures_allowed: 5
 
+# maximum number of outstandig AuthN requests per session; exceeding this results in a 429
+engine_max_authn_per_session: 30
+
+# timeout when doing external queries (e.g., to PDP, AA, SBS)
+engine_http_client_timeout: 10
+
 # This PCRE regex is used to blacklist incoming AuthnContextClassRef attributes on. If an empty string is used
 # the validation is skipped. The validator will throw an exception if the used regex is invalid.
 engine_stepup_authn_context_class_ref_blacklist_regex: '/http:\/\/{{ base_domain | regex_escape }}\/assurance\/loa[1-3]/'
diff --git a/roles/engineblock/templates/parameters.yml.j2 b/roles/engineblock/templates/parameters.yml.j2
index 19a23f77e..c7e720780 100644
--- a/roles/engineblock/templates/parameters.yml.j2
+++ b/roles/engineblock/templates/parameters.yml.j2
@@ -147,6 +147,11 @@ parameters:
 ## The value for guest qualifier. Can be overridden for specific environments
 addgueststatus_guestqualifier: '{{ guest_qualifier | default('') }}'
 
+ ## the timeout used when querying external sources (PDP, AA, etc)
+ http_client.timeout: {{ engine_http_client_timeout | int }}
+ ## maximum number of simultaneous open authentications per session (exceed this, and receive a 429)
+ maximum_authentications_per_session: {{ engine_max_authn_per_session | int }}
+
 ## Language cookie settings
 cookie.path: {{ cookie_path | default('/') }}
 cookie.secure: true
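Review bot: The comment above `engine_http_client_timeout` does not state the unit of the value, and the neighbouring defaults mix conventions (`engine_minimum_execution_time_on_invalid_received_response: 5000` next to `engine_time_frame_for_authentication_loop_in_seconds: 60`). An operator who overrides it assuming milliseconds would get a timeout far too long to protect the login flow from a hanging PDP, AA or SBS backend. Stating the unit in the comment, e.g. `# timeout (in <unit>) when doing external queries (e.g., to PDP, AA, SBS)`, or in the variable name would remove the guesswork; the unit itself is not visible in this diff. The comment above `engine_max_authn_per_session` also has a typo, `outstandig` for `outstanding`.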
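Review bot: The `| int` filter on `http_client.timeout` and `maximum_authentications_per_session` falls back to 0 when the value cannot be converted, so a mistyped override (for example a quoted string with a unit suffix) renders as `0` without any error. How EngineBlock treats 0 is not visible here, but for a client timeout and a per-session request cap it plausibly means either "no limit" or "reject everything", and neither should happen silently. A check before templating that both values are positive integers, for example an `assert` task with `engine_http_client_timeout | int > 0` and `engine_max_authn_per_session | int > 0`, would turn a bad override into a failed deploy instead. The `parameters:` mapping these keys belong to starts and ends outside the hunk.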