In case #1 returning 0 for non-existent user is fine in my opinion. 

On 21 March 2016 at 09:06, Andrej Prievalsky <ado.boj.83@gmail.com> wrote:

Thanks for answer for 2nd question. I will write JIRA.

But I didn't get answer for my 1st question.

On Fri, Mar 18, 2016 at 5:22 PM, Stian Thorgersen <sthorger@redhat.com> wrote:

numFailures should be reset after successful login

On 18 Mar 2016 2:56 p.m., "Andrej Prievalsky" <ado.boj.83@gmail.com> wrote:

Hi,

I have question concerning your REST_API: 

GET /admin/realms/{realm}/attack-detection/brute-force/usernames/{username}

In 1.9.1..Final my setting per realm Demo looks like:

I have noticed with this endpoint:

- 1.) when user is not created the answer for this REST is same like for created user with 0 numFailures:

   {

   "numFailures": 0,

   "disabled": false,

   "lastIPFailure": "n/a",

   "lastFailure": 0

   }

- 2.) when Max Login Failures is set to 3 and I put 2 times incorrect password and 3rd time correct password numFailures is not reset by Keycloak:

  {

  "numFailures": 2,

  "disabled": false,

    ....

    ....

   }

Are this 2 cases correct from your point of view?

Thanks and Best Regards,

Andrej.

_______________________________________________
keycloak-user mailing list
keycloak-user@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user