[keycloak-user] Brute force detector extension
Stian Thorgersen
sthorger at redhat.com
Fri Jan 13 02:30:16 EST 2017
+1 You've already explained it on the mailing list and we've commented so
it safe to continue with a PR without worrying that we'll reject your work
On 11 January 2017 at 19:18, Bruno Oliveira <bruno at abstractj.org> wrote:
> I believe the best is to create Jira as a feature request. And later you
> can attach your PR to that.
>
> On 2017-01-11, Eriksson Fabian wrote:
> > Do you want me to create a new feature request through the dev mailing
> list or could I immediately create a Jira-ticket?
> >
> > Best regards
> > Fabian Eriksson
> >
> > From: Stian Thorgersen [mailto:sthorger at redhat.com]
> > Sent: den 2 januari 2017 09:15
> > To: Eriksson Fabian
> > Cc: keycloak-user at lists.jboss.org
> > Subject: Re: [keycloak-user] Brute force detector extension
> >
> > You can implement a custom provider for the brute force protection that
> would do what you want. It wouldn't be configurable through the admin
> console though.
> >
> > I don't see why we couldn't add it as an option to the built-in provider
> though so if you are happy to send a PR for it including tests we could
> accept it into 3.x.
> >
> > On 21 December 2016 at 11:24, Eriksson Fabian <fabian.eriksson at gi-de.com
> <mailto:fabian.eriksson at gi-de.com>> wrote:
> > Hi all!
> >
> > We would like to have ability to configure the brute force detector so
> it can disable a user account after X failed attempts completely and not
> only lock him/her out for a period of time (setting the lockout-time to a
> few years is not enough). In the end we would like the admins of KeyCloak
> to be able to set a timed lockout-period or set a permanent one for
> different realms. I guess this would also require the detector to reset the
> failed-login-attempts count on a successful login.
> >
> > Does this sound interesting and could this then be something that we
> could contribute with to KeyCloak?
> >
> > Or is there a way to substitute the already existing brute force
> detector?
> >
> > Thanks in advance!
> > Fabian Eriksson
> > _______________________________________________
> > keycloak-user mailing list
> > keycloak-user at lists.jboss.org<mailto:keycloak-user at lists.jboss.org>
> > https://lists.jboss.org/mailman/listinfo/keycloak-user
> >
> > _______________________________________________
> > keycloak-user mailing list
> > keycloak-user at lists.jboss.org
> > https://lists.jboss.org/mailman/listinfo/keycloak-user
>
> --
>
> abstractj
>
More information about the keycloak-user
mailing list