Re: [keycloak-user] Brute Force Detection - Get status of a username in brute force detection

Thanks for answer for 2nd question. I will write JIRA. But I didn't get answer for my 1st question. On Fri, Mar 18, 2016 at 5:22 PM, Stian Thorgersen <sthorger(a)redhat.com&gt; wrote: > numFailures should be reset after successful login > On 18 Mar 2016 2:56 p.m., "Andrej Prievalsky" <ado.boj.83(a)gmail.com&gt; > wrote: > >> Hi, >> >> I have question concerning your REST_API: >> GET >> /admin/realms/{realm}/attack-detection/brute-force/usernames/{username} >> In 1.9.1..Final my setting per realm Demo looks like: >> >> [image: Inline image 1] >> >> I have noticed with this endpoint: >> >> - 1.) when user is not created the answer for this REST is same like for >> created user with 0 numFailures: >> { >> "numFailures": 0, >> "disabled": false, >> "lastIPFailure": "n/a", >> "lastFailure": 0 >> } >> >> - 2.) when Max Login Failures is set to 3 and I put 2 times incorrect >> password and 3rd time correct password numFailures is not reset by Keycloak: >> { >> "numFailures": 2, >> "disabled": false, >> .... >> .... >> } >> >> Are this 2 cases correct from your point of view? >> >> Thanks and Best Regards, >> Andrej. >> >> >> >> >> _______________________________________________ >> keycloak-user mailing list >> keycloak-user(a)lists.jboss.org >> https://lists.jboss.org/mailman/listinfo/keycloak-user >> >