On 12/4/2015 12:15 PM, Notarnicola, Mara wrote:
> Dear all,
> I have enabled brute force detection on my Keycloak application server.
> I used Keycloak 1.5.0 Final version.
> After several trials I saw that the number of failures of the users
> is saved in session, so if the server is restarted the counter
> starts from 0 again.
> Why don't you save it into the DB?

I didn't design this, but I think it's because brute force detection is
designed to thwart guessing of credentials over a relatively short time
period. In production you don't restart the server very often.

> Mara
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user