Hi,
I have question concerning your REST_API:
GET /admin/realms/{realm}/attack-detection/brute-force/usernames/{username}
In 1.9.1..Final my setting per realm Demo looks like:
[image: Inline image 1]
I have noticed with this endpoint:
- 1.) when user is not created the answer for this REST is same like for
created user with 0 numFailures:
{
"numFailures": 0,
"disabled": false,
"lastIPFailure": "n/a",
"lastFailure": 0
}
- 2.) when Max Login Failures is set to 3 and I put 2 times incorrect
password and 3rd time correct password numFailures is not reset by Keycloak:
{
"numFailures": 2,
"disabled": false,
....
....
}
Are this 2 cases correct from your point of view?
Thanks and Best Regards,
Andrej.