[keycloak-user] info about brute force detection
Stan Silvert
ssilvert at redhat.com
Fri Dec 4 14:26:59 EST 2015
On 12/4/2015 12:15 PM, Notarnicola, Mara wrote:
>
> Dear all,
>
> I have enabled brute force detection on my Keycloak application server.
>
> I used Keycloak 1.5.0 Final version.
>
> After several trials I saw that the number of failures of the users
> is saved in the session, so if the server is restarted the counter
> starts from 0 again.
>
> Why don't you save it into the DB?
>
I didn't design this, but I think it's because brute force detection is
designed to thwart guessing of credentials over a relatively short time
period. In production you don't restart the server very often.
> Mara