Re: [keycloak-user] Brute Force Detection - Get status of a username in brute force detection

Hi, I have question concerning your REST_API: GET /admin/realms/{realm}/attack-detection/brute-force/usernames/{username} In 1.9.1..Final my setting per realm Demo looks like: [image: Inline image 1] I have noticed with this endpoint: - 1.) when user is not created the answer for this REST is same like for created user with 0 numFailures: { "numFailures": 0, "disabled": false, "lastIPFailure": "n/a", "lastFailure": 0 } - 2.) when Max Login Failures is set to 3 and I put 2 times incorrect password and 3rd time correct password numFailures is not reset by Keycloak: { "numFailures": 2, "disabled": false, .... .... } Are this 2 cases correct from your point of view? Thanks and Best Regards, Andrej. _______________________________________________ keycloak-user mailing list keycloak-user(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/keycloak-user