11:15 a.m.
Dear all,
I have enabled brute force detection on my keycloak application server.
I used keycloak 1.5.0 Final version.
After several trials I saw that the number of failures of the users are saved in session,
so if the server will be restarted the counter starts from 0 again.
Why you don't save it into db?
Mara
1:26 p.m.
On 12/4/2015 12:15 PM, Notarnicola, Mara wrote:
Dear all,
I have enabled brute force detection on my keycloak application server.
I used keycloak 1.5.0 Final version.
After several trials I saw that the number of failures of the users
are saved in session, so if the server will be restarted the counter
starts from 0 again.
Why you don't save it into db?
I didn't design this, but I think it's because brute force detection is
designed to thwart guessing of credentials over a relatively short time
period. In production you don't restart the server very often.
Mara
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
2:01 p.m.
In addition, is pretty much possible to configure fail2ban to read the
log files and store it into the database for example
(http://www.fail2ban.org/wiki/index.php/Commands#DATABASE).
I can be wrong, but I don't think Keycloak should have something like this.
On Fri, Dec 4, 2015 at 5:26 PM, Stan Silvert <ssilvert(a)redhat.com> wrote:
On 12/4/2015 12:15 PM, Notarnicola, Mara wrote:
Dear all,
I have enabled brute force detection on my keycloak application server.
I used keycloak 1.5.0 Final version.
After several trials I saw that the number of failures of the users are
saved in session, so if the server will be restarted the counter starts from
0 again.
Why you don’t save it into db?
I didn't design this, but I think it's because brute force detection is
designed to thwart guessing of credentials over a relatively short time
period. In production you don't restart the server very often.
Mara
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
--
- abstractj
8:51 p.m.
It will be useful in the future to warn people of rogue nations logging
in. i.e. Somebody from China logged into your account, was it you? It
used to be an experimental feature, then people started asking for it
because they wanted to disable accounts that failed to produce right
password 3 times or so. Weak, I know, but people wanted it.
On 12/4/2015 3:01 PM, Bruno Oliveira wrote:
In addition, is pretty much possible to configure fail2ban to read
the
log files and store it into the database for example
(http://www.fail2ban.org/wiki/index.php/Commands#DATABASE).
I can be wrong, but I don't think Keycloak should have something like this.
On Fri, Dec 4, 2015 at 5:26 PM, Stan Silvert <ssilvert(a)redhat.com> wrote:
> On 12/4/2015 12:15 PM, Notarnicola, Mara wrote:
>
> Dear all,
>
> I have enabled brute force detection on my keycloak application server.
>
> I used keycloak 1.5.0 Final version.
>
> After several trials I saw that the number of failures of the users are
> saved in session, so if the server will be restarted the counter starts from
> 0 again.
>
> Why you don’t save it into db?
>
> I didn't design this, but I think it's because brute force detection is
> designed to thwart guessing of credentials over a relatively short time
> period. In production you don't restart the server very often.
>
>
>
> Mara
>
>
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user(a)lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
>
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user(a)lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
3325
days inactive
3328
days old
3 comments
4 participants
participants (4)
-
Bill Burke -
Bruno Oliveira -
Notarnicola, Mara -
Stan Silvert