User#enabled is only used for users that are manually disabled by admin and not for user temporarily disabled by brute force protection, so this is expected behavior.

On 7 April 2016 at 14:18, Juraj Janosik <juraj.janosik77@gmail.com> wrote:
Hi,

is the following issue known in the community? (see description below)

Prerequisities:
1. Keycloak 1.9.1.Final, CentOS7, Oracle12c
2. User disabled after "Max Login Failure" attempts.

Observed behavior:
1. User displayed correctly as disabled ("enabled":false) via Get Representation of the user
GET /admin/realms/{realm}/users/{id}

2. User displayed correctly as disabled ("disabled":true) via
GET /admin/realms/{realm}/attack-detection/brute-force/usernames/{username}

3. User displayed not correctly ("enabled":true) via Get users (list of all users and search)
GET /admin/realms/{realm}/users
GET /admin/realms/{realm}/users?search={string}

Thanks a lot.

Best Regards,
Juraj




_______________________________________________
keycloak-user mailing list
keycloak-user@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user