Re: [keycloak-user] password history not always correctly considered

We purge older history entries. Its based on creation date of current time in milliseconds. I guess it could be possible that the update is happening so fast that multiple entries have the same creation date. Are you running tests in a cluster? Could also be possible that the machines in your cluster don't have fully synchronized clocks. Does it work for the 1st 2 tries, then fail on the 3rd? Then that is probably the problem you are experiencing. On 10/25/16 7:23 AM, Bystrik Horvath wrote: > Hello, > > I have a realm where password history was set to 3. When I try to set the > password for an user too fast (via REST API), I'm able to use one of the > passwords that should be recorded as not usable. When I put a small sleep > between the password changes (aprox. 300 ms), the usecase works fine - so > I'm not allowed to use any of the 3 recorded password from the history. I > tested the case using 1.9.3 Final and 2.2.1 Final with same results. > It looks to me like a bug, isn't it? > > Thank you for the answer&best regards, > Bystrik > _______________________________________________ > keycloak-user mailing list > keycloak-user(a)lists.jboss.org > https://lists.jboss.org/mailman/listinfo/keycloak-user _______________________________________________ keycloak-user mailing list keycloak-user(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/keycloak-user