Re: [keycloak-user] Brute Force Detection - Get status of a username in brute force detection

numFailures should be reset after successful login On 18 Mar 2016 2:56 p.m., "Andrej Prievalsky" <ado.boj.83(a)gmail.com&gt; wrote: > Hi, > > I have question concerning your REST_API: > GET > /admin/realms/{realm}/attack-detection/brute-force/usernames/{username} > In 1.9.1..Final my setting per realm Demo looks like: > > [image: Inline image 1] > > I have noticed with this endpoint: > > - 1.) when user is not created the answer for this REST is same like for > created user with 0 numFailures: > { > "numFailures": 0, > "disabled": false, > "lastIPFailure": "n/a", > "lastFailure": 0 > } > > - 2.) when Max Login Failures is set to 3 and I put 2 times incorrect > password and 3rd time correct password numFailures is not reset by Keycloak: > { > "numFailures": 2, > "disabled": false, > .... > .... > } > > Are this 2 cases correct from your point of view? > > Thanks and Best Regards, > Andrej. > > > > > _______________________________________________ > keycloak-user mailing list > keycloak-user(a)lists.jboss.org > https://lists.jboss.org/mailman/listinfo/keycloak-user >