We purge older history entries. Its based on creation date of current
time in milliseconds. I guess it could be possible that the update is
happening so fast that multiple entries have the same creation date.
Are you running tests in a cluster? Could also be possible that the
machines in your cluster don't have fully synchronized clocks.
Does it work for the 1st 2 tries, then fail on the 3rd? Then that is
probably the problem you are experiencing.
On 10/25/16 7:23 AM, Bystrik Horvath wrote:
Hello,
I have a realm where password history was set to 3. When I try to set the
password for an user too fast (via REST API), I'm able to use one of the
passwords that should be recorded as not usable. When I put a small sleep
between the password changes (aprox. 300 ms), the usecase works fine - so
I'm not allowed to use any of the 3 recorded password from the history. I
tested the case using 1.9.3 Final and 2.2.1 Final with same results.
It looks to me like a bug, isn't it?
Thank you for the answer&best regards,
Bystrik
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user