Dear all,

We are using Keycloak 1.5.0 and we are switching to 1.7.0 version.

We have extended the AbstractUsernameFormAuthenticator and implemented our UserFederationProvider.

We currently use the Brute Force Detection to detect user login failures.

We have noted that at the first time the BruteForceProtector initializes UsernameLoginFailureModel in its failure method, so both in the FormAuthenticator and in FederationProvider, the UsernameLoginFailureModel of the current session is null.

Our problem is to disable Brute Force for a set of users, it’s now possible to do this?

 

Thanks for your time

 

Mara