On Mon, Mar 21, 2016 at 10:05 AM, Stian Thorgersen <sthorger(a)redhat.com>
wrote:
In case #1 returning 0 for non-existent user is fine in my opinion.
On 21 March 2016 at 09:06, Andrej Prievalsky <ado.boj.83(a)gmail.com> wrote:
> Thanks for answer for 2nd question. I will write JIRA.
> But I didn't get answer for my 1st question.
>
>
>
> On Fri, Mar 18, 2016 at 5:22 PM, Stian Thorgersen <sthorger(a)redhat.com>
> wrote:
>
>> numFailures should be reset after successful login
>> On 18 Mar 2016 2:56 p.m., "Andrej Prievalsky"
<ado.boj.83(a)gmail.com>
>> wrote:
>>
>>> Hi,
>>>
>>> I have question concerning your REST_API:
>>> GET
>>> /admin/realms/{realm}/attack-detection/brute-force/usernames/{username}
>>> In 1.9.1..Final my setting per realm Demo looks like:
>>>
>>> [image: Inline image 1]
>>>
>>> I have noticed with this endpoint:
>>>
>>> - 1.) when user is not created the answer for this REST is same like
>>> for created user with 0 numFailures:
>>> {
>>> "numFailures": 0,
>>> "disabled": false,
>>> "lastIPFailure": "n/a",
>>> "lastFailure": 0
>>> }
>>>
>>> - 2.) when Max Login Failures is set to 3 and I put 2 times incorrect
>>> password and 3rd time correct password numFailures is not reset by Keycloak:
>>> {
>>> "numFailures": 2,
>>> "disabled": false,
>>> ....
>>> ....
>>> }
>>>
>>> Are this 2 cases correct from your point of view?
>>>
>>> Thanks and Best Regards,
>>> Andrej.
>>>
>>>
>>>
>>>
>>> _______________________________________________
>>> keycloak-user mailing list
>>> keycloak-user(a)lists.jboss.org
>>>
https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>
>>
>