[keycloak-user] Required roles for clearing login failure counts
Gregor Tudan
Gregor.Tudan at cofinpro.de
Fri Nov 27 03:53:25 EST 2015
Hi everyone,
while I totally agree that any configuration of the bruteforce-detection should require the realm-management role, I’d like to raise the question if clearing failed attempts should be that restrictive.
This affects the following service endpoints:
DELETE /admin/realms/{realm}/attack-detection/brute-force/usernames/{username}
DELETE /admin/realms/{realm}/attack-detection/brute-force/usernames
We would like to enable callcenter agents to unlock specific users, but giving them realm-management permissions doesn't feel right. Would’t user-management be more appropriate permissions for these endpoints, or are there side effects to consider?
Thanks,
Gregor
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20151127/3fa25666/attachment.html
More information about the keycloak-user
mailing list