[keycloak-user] Brute Force Detection - Get status of a username in brute force detection

Andrej Prievalsky ado.boj.83 at gmail.com
Mon Mar 21 12:00:19 EDT 2016


JIRA created for case #2: https://issues.jboss.org/browse/KEYCLOAK-2692

On Mon, Mar 21, 2016 at 10:05 AM, Stian Thorgersen <sthorger at redhat.com>
wrote:

> In case #1 returning 0 for non-existent user is fine in my opinion.
>
> On 21 March 2016 at 09:06, Andrej Prievalsky <ado.boj.83 at gmail.com> wrote:
>
>> Thanks for the answer to the 2nd question. I will write a JIRA.
>> But I didn't get an answer to my 1st question.
>>
>>
>>
>> On Fri, Mar 18, 2016 at 5:22 PM, Stian Thorgersen <sthorger at redhat.com>
>> wrote:
>>
>>> numFailures should be reset after successful login
>>> On 18 Mar 2016 2:56 p.m., "Andrej Prievalsky" <ado.boj.83 at gmail.com>
>>> wrote:
>>>
>>>> Hi,
>>>>
>>>> I have a question concerning your REST_API:
>>>> GET /admin/realms/{realm}/attack-detection/brute-force/usernames/{username}
>>>> In 1.9.1.Final my settings for realm Demo look like this:
>>>>
>>>> [image: Inline image 1]
>>>>
>>>> I have noticed with this endpoint:
>>>>
>>>> - 1.) when the user is not created, the answer for this REST call is the
>>>> same as for a created user with 0 numFailures:
>>>>    {
>>>>    "numFailures": 0,
>>>>    "disabled": false,
>>>>    "lastIPFailure": "n/a",
>>>>    "lastFailure": 0
>>>>    }
>>>>
>>>> - 2.) when Max Login Failures is set to 3 and I enter an incorrect
>>>> password 2 times and the correct password the 3rd time, numFailures is
>>>> not reset by Keycloak:
>>>>    {
>>>>    "numFailures": 2,
>>>>    "disabled": false,
>>>>    ....
>>>>    ....
>>>>    }
>>>>
>>>> Are these 2 cases correct from your point of view?
>>>>
>>>> Thanks and Best Regards,
>>>> Andrej.
>>>>
>>>
>>
>
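
The two cases from this thread, as an added example that is not part of the original messages and not Keycloak's code: a minimal Python model of a per-username failure counter whose status carries the same fields as the responses quoted above, including the reset on successful login that Stian describes. The class and method names, the sample username, IP and timestamps, and the choice to report `disabled` once the counter reaches the maximum are assumptions made for illustration.

```python
from dataclasses import dataclass, field


@dataclass
class FailureRecord:
    num_failures: int = 0
    last_ip_failure: str = "n/a"
    last_failure: int = 0


@dataclass
class BruteForceModel:
    """Toy model of a per-username login failure counter (not Keycloak code)."""
    max_login_failures: int = 3
    records: dict = field(default_factory=dict)

    def failed_login(self, username, ip, timestamp):
        rec = self.records.setdefault(username, FailureRecord())
        rec.num_failures += 1
        rec.last_ip_failure = ip
        rec.last_failure = timestamp

    def successful_login(self, username):
        # Behaviour stated in the thread: numFailures is reset after a
        # successful login, so earlier failures do not accumulate.
        self.records.pop(username, None)

    def status(self, username):
        # Case #1: a username with no record (never failed, or does not
        # exist) yields the same all-zero status.
        rec = self.records.get(username, FailureRecord())
        return {
            "numFailures": rec.num_failures,
            # Assumption: disabled once the counter reaches the maximum.
            "disabled": rec.num_failures >= self.max_login_failures,
            "lastIPFailure": rec.last_ip_failure,
            "lastFailure": rec.last_failure,
        }


def replay_case_2():
    """Two wrong passwords, then a correct one, with Max Login Failures = 3."""
    model = BruteForceModel(max_login_failures=3)
    # Constructed sample events: documentation IP, arbitrary timestamps.
    model.failed_login("alice", "192.0.2.10", 1000)
    model.failed_login("alice", "192.0.2.10", 2000)
    before = model.status("alice")
    model.successful_login("alice")
    return before, model.status("alice")
```

`replay_case_2()` returns the status before and after the successful login; a response that still shows `numFailures: 2` after the third attempt corresponds to the behaviour reported as case #2.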