[keycloak-user] Brute Force Detection issue: wrong password attempt counter not reset with successful login

Hi Keycloak team, This is Edwin from Nokia A&A organization. We want a change on brute force detection, to reset the password failure counter after a successful login I saw 2 related tickets had once been created for this before https://issues.jboss.org/browse/KEYCLOAK-2692 https://issues.jboss.org/browse/KEYCLOAK-3046 We understand the potential risk, but many of our products still want this change to enhance user experiences. So we are once again raising this request, please help to provide the enhancement. Please let me know if I need to create a JIRA ticket Thanks, Edwin ---------------------------------------------- Reproduce: Enable Brute Force Detection on the realm Set Max Login Failures to 3 (or any other number) on a user Attempt to log in to Keycloak with the user try invalid password 2 times Attempt to log in to Keycloak with the user with correct password (should succeed) Log out Attempt to log in to Keycloak with the user try invalid password 1 times Attempt to log in to Keycloak with the user with correct password (should succeed, but fails) Verify by loggin in with Administrator to Keycloak and check the user status (will be locked out).