Hi guys! I'm very interested in Keycloak and would like to share with you
some ideas that come from user requirements I currently have or had in the
past, which you may find useful to add to Keycloak.
* Automatically revoke access to a user account after a (configurable) number
of invalid sign-on passwords, until the system administrator has unlocked
the account or automatically after an administrator-defined interval. I
know that with such a feature an attacker could lock user accounts by simply
knowing usernames/emails. However, I have a case of an Intranet application
that is accessible only inside the company and could trace such attackers
by their IP addresses.
* Record and report (i.e. email sending) on failed login attempts outlining
* Force password changes at regular (configurable) intervals or
* Automatically reset the password and send a new one to the user via email
* Ensure that the new password has not been used before within a
(configurable) number of previous password changes
* Login using digital signature in a smart card or p12 file
* Security questions for password recovery
Others that I found as issues in other Identity Providers:
* Support many accounts (~10K) within a reasonable amount of time
* When providing an authentication client (Maven dependency), add only the
needed set of dependencies. I know this sounds silly, but I have experience
with a client library provided by an Identity Provider that had a compile
dependency on Apache Ant...
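A sketch of the lockout and password-history requirements above (lock after a configurable number of failed passwords, unlock either by an administrator or automatically after an administrator-defined interval, log the failures, and reject a new password that appears in the last N changes), as an added Python example. It is not part of the original post and is not Keycloak code; the credential store, thresholds, timestamps and audit-line format are constructed for the demo, and the history check stores only salted PBKDF2 hashes so old passwords are never kept in clear.

```python
"""Constructed example: brute-force lockout with timed/admin unlock, and a password-history check."""
import hashlib
import hmac
import os


class LockoutPolicy:
    """Locks an account after max_failures consecutive bad passwords.

    lockout_seconds is the administrator-defined auto-unlock interval; 0 means
    only an explicit admin unlock() clears the lock.
    """

    def __init__(self, max_failures=5, lockout_seconds=900):
        self.max_failures = max_failures
        self.lockout_seconds = lockout_seconds
        self._failures = {}   # username -> consecutive failure count
        self._locked_at = {}  # username -> timestamp when the lock was set

    def is_locked(self, user, now):
        locked_at = self._locked_at.get(user)
        if locked_at is None:
            return False
        if self.lockout_seconds and now - locked_at >= self.lockout_seconds:
            self.unlock(user)  # interval elapsed: automatic unlock
            return False
        return True

    def record_failure(self, user, now):
        """Count one bad password; return True if this failure locked the account."""
        count = self._failures.get(user, 0) + 1
        self._failures[user] = count
        if count >= self.max_failures and user not in self._locked_at:
            self._locked_at[user] = now
            return True
        return False

    def record_success(self, user):
        self._failures.pop(user, None)  # a good login resets the counter

    def unlock(self, user):
        """Administrator unlock: clears both the lock and the failure counter."""
        self._failures.pop(user, None)
        self._locked_at.pop(user, None)


class PasswordHistory:
    """Rejects a new password that matches any of the last `depth` passwords."""

    def __init__(self, depth=5):
        self.depth = depth
        self._history = {}  # username -> list of (salt, hash), most recent last

    @staticmethod
    def _hash(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def was_used(self, user, password):
        return any(hmac.compare_digest(self._hash(password, salt), digest)
                   for salt, digest in self._history.get(user, []))

    def set_password(self, user, password):
        """Return False (and change nothing) if the password is in the recent history."""
        if self.was_used(user, password):
            return False
        salt = os.urandom(16)
        history = self._history.setdefault(user, [])
        history.append((salt, self._hash(password, salt)))
        del history[:-self.depth]  # keep only the most recent `depth` entries
        return True


# Constructed credential store for the demo only; a real store holds hashes, not passwords.
CREDENTIALS = {"alice": "correct-horse"}


def attempt_login(policy, user, password, now, audit):
    """Return 'ok', 'bad_password' or 'locked'; failed/rejected attempts go to `audit`."""
    if policy.is_locked(user, now):
        audit.append(f"t={now} user={user} rejected: account locked")
        return "locked"
    if CREDENTIALS.get(user) == password:
        policy.record_success(user)
        return "ok"
    locked = policy.record_failure(user, now)
    audit.append(f"t={now} user={user} invalid password"
                 + (" -> account locked" if locked else ""))
    return "bad_password"


def run_demo():
    """Three bad passwords lock alice; the right one is refused until the interval passes."""
    policy = LockoutPolicy(max_failures=3, lockout_seconds=600)
    audit = []
    results = [attempt_login(policy, "alice", "wrong", t, audit) for t in (0, 1, 2)]
    results.append(attempt_login(policy, "alice", "correct-horse", 3, audit))    # still locked
    results.append(attempt_login(policy, "alice", "correct-horse", 700, audit))  # auto-unlocked
    history = PasswordHistory(depth=2)
    changes = [history.set_password("alice", p) for p in ("p1", "p2", "p1", "p3", "p1")]
    return results, changes, audit


if __name__ == "__main__":
    for line in run_demo()[2]:
        print(line)
```

Note that `is_locked` is checked before the password, so a correct password does not reset the lock early, and with `lockout_seconds=0` the account stays locked until `unlock()` is called; the history depth of 2 lets "p1" be reused only once two newer passwords have pushed it out.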