[keycloak-user] Brute Force Detection breaks Social login

Bruno Oliveira bruno at abstractj.org
Tue Jul 5 10:51:43 EDT 2016


I've just downloaded and tried with 1.9.8 too, it works. Is this happening with
all users? Have you considered to setup an isolated environment from
scratch?

On 2016-07-05, Valerij Timofeev wrote:
> Hi Bruno,
>
> thank you for the check.
> We are going to migrate our production setup from Keycloak 1.9.4 to Red Hat
> SSO 7.0, which is based on Keycloak 1.9.8.
> Direct migration to 2.0.0.Final would be for us too risky, but still an
> option somewhen later.
>
> @All,
> any ideas for Keycloak 1.9.x? May be there is some setting we miss allowing
> us to use both "peacefully".
>
> Kind regards
> Valerij
>
> 2016-07-05 15:59 GMT+02:00 Bruno Oliveira <bruno at abstractj.org>:
>
> > Hi Valerij,
> >
> > I've tested against 2.0.0.Final right now and I couldn't reproduce your
> > issue.
> >
> > I have brute force enabled by default here and Facebook configured
> > exactly like described at the docs.
> >
> > Not sure how to reproduce your issue :/ Maybe, give 2.0.0.Final a try?
> >
> > On 2016-07-05, Valerij Timofeev wrote:
> > > Hi all,
> > >
> > > it looks like the Brute Force Detection breaks Social login.
> > >
> > > I've:
> > > 1) downloaded keycloak-demo-1.9.8.Final
> > > 2) setup Facebook Identity provider
> > > 3) successfully tested Facebook login
> > > 4) activated Brute Force Detection with default values
> > > 5) tested Facebook login: it fails with the error message: "Account is
> > > disabled, contact admin."
> > >
> > > I wonder whether somebody has ever tested this combination.
> > >
> > >
> > > Kind regards
> > > Valerij Timofeev
> >
> > > _______________________________________________
> > > keycloak-user mailing list
> > > keycloak-user at lists.jboss.org
> > > https://lists.jboss.org/mailman/listinfo/keycloak-user
> >
> >
> > --
> >
> > abstractj
> > PGP: 0x84DC9914
> >

--

abstractj
PGP: 0x84DC9914


More information about the keycloak-user mailing list