6:23 a.m.
Hello,
I have a realm where password history was set to 3. When I try to set the
password for an user too fast (via REST API), I'm able to use one of the
passwords that should be recorded as not usable. When I put a small sleep
between the password changes (aprox. 300 ms), the usecase works fine - so
I'm not allowed to use any of the 3 recorded password from the history. I
tested the case using 1.9.3 Final and 2.2.1 Final with same results.
It looks to me like a bug, isn't it?
Thank you for the answer&best regards,
Bystrik
7:54 a.m.
I suspect what's happening is that there's two concurrent requests to
update the password history and one overrides the changes from the other.
Is it really a problem though? I somehow don't think users update their
password every 300 ms.
On 25 October 2016 at 13:23, Bystrik Horvath <bystrik.horvath(a)gmail.com>
wrote:
Hello,
I have a realm where password history was set to 3. When I try to set the
password for an user too fast (via REST API), I'm able to use one of the
passwords that should be recorded as not usable. When I put a small sleep
between the password changes (aprox. 300 ms), the usecase works fine - so
I'm not allowed to use any of the 3 recorded password from the history. I
tested the case using 1.9.3 Final and 2.2.1 Final with same results.
It looks to me like a bug, isn't it?
Thank you for the answer&best regards,
Bystrik
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
8 a.m.
We purge older history entries. Its based on creation date of current
time in milliseconds. I guess it could be possible that the update is
happening so fast that multiple entries have the same creation date.
Are you running tests in a cluster? Could also be possible that the
machines in your cluster don't have fully synchronized clocks.
Does it work for the 1st 2 tries, then fail on the 3rd? Then that is
probably the problem you are experiencing.
On 10/25/16 7:23 AM, Bystrik Horvath wrote:
Hello,
I have a realm where password history was set to 3. When I try to set the
password for an user too fast (via REST API), I'm able to use one of the
passwords that should be recorded as not usable. When I put a small sleep
between the password changes (aprox. 300 ms), the usecase works fine - so
I'm not allowed to use any of the 3 recorded password from the history. I
tested the case using 1.9.3 Final and 2.2.1 Final with same results.
It looks to me like a bug, isn't it?
Thank you for the answer&best regards,
Bystrik
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
8:28 a.m.
Hi Bill and Stian,
I know that this is a silly test case, but the API provides the possibity
;-) Anyway, I run my test from POSTMAN tool and the requests are running in
a sequece. I have a standalone Keycloak on my windows maschine, so it is
not a cluster. Yes Bill, you are right, most failing is the 3rd attempt.
Best regards,
Bystrik
On Tue, Oct 25, 2016 at 3:00 PM, Bill Burke <bburke(a)redhat.com> wrote:
We purge older history entries. Its based on creation date of
current
time in milliseconds. I guess it could be possible that the update is
happening so fast that multiple entries have the same creation date.
Are you running tests in a cluster? Could also be possible that the
machines in your cluster don't have fully synchronized clocks.
Does it work for the 1st 2 tries, then fail on the 3rd? Then that is
probably the problem you are experiencing.
On 10/25/16 7:23 AM, Bystrik Horvath wrote:
> Hello,
>
> I have a realm where password history was set to 3. When I try to set the
> password for an user too fast (via REST API), I'm able to use one of the
> passwords that should be recorded as not usable. When I put a small sleep
> between the password changes (aprox. 300 ms), the usecase works fine - so
> I'm not allowed to use any of the 3 recorded password from the history. I
> tested the case using 1.9.3 Final and 2.2.1 Final with same results.
> It looks to me like a bug, isn't it?
>
> Thank you for the answer&best regards,
> Bystrik
> _______________________________________________
> keycloak-user mailing list
> keycloak-user(a)lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
5:22 a.m.
Hi,
the question is whether is this buggy behavior or not regardless of mu use
case. I came to this behavior on slower virtual machine where the gaps
between the calls was more than 300 ms, than I realized to test it locally
on windows machine without network communication.
What could I expect then on clustered solution where I change the password
on one node and do the same on next node?
Thank you for the answer.
Best regards,
Bystrik
On Tue, Oct 25, 2016 at 3:28 PM, Bystrik Horvath <bystrik.horvath(a)gmail.com>
wrote:
Hi Bill and Stian,
I know that this is a silly test case, but the API provides the possibity
;-) Anyway, I run my test from POSTMAN tool and the requests are running in
a sequece. I have a standalone Keycloak on my windows maschine, so it is
not a cluster. Yes Bill, you are right, most failing is the 3rd attempt.
Best regards,
Bystrik
On Tue, Oct 25, 2016 at 3:00 PM, Bill Burke <bburke(a)redhat.com> wrote:
> We purge older history entries. Its based on creation date of current
> time in milliseconds. I guess it could be possible that the update is
> happening so fast that multiple entries have the same creation date.
> Are you running tests in a cluster? Could also be possible that the
> machines in your cluster don't have fully synchronized clocks.
>
> Does it work for the 1st 2 tries, then fail on the 3rd? Then that is
> probably the problem you are experiencing.
>
>
> On 10/25/16 7:23 AM, Bystrik Horvath wrote:
> > Hello,
> >
> > I have a realm where password history was set to 3. When I try to set
> the
> > password for an user too fast (via REST API), I'm able to use one of the
> > passwords that should be recorded as not usable. When I put a small
> sleep
> > between the password changes (aprox. 300 ms), the usecase works fine -
> so
> > I'm not allowed to use any of the 3 recorded password from the history.
> I
> > tested the case using 1.9.3 Final and 2.2.1 Final with same results.
> > It looks to me like a bug, isn't it?
> >
> > Thank you for the answer&best regards,
> > Bystrik
> > _______________________________________________
> > keycloak-user mailing list
> > keycloak-user(a)lists.jboss.org
> > https://lists.jboss.org/mailman/listinfo/keycloak-user
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user(a)lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
1:29 a.m.
I guess it's buggy behavior, but the real question is do we care? It seems
to be an issue purely limited to testing and not to real usage?
On 27 October 2016 at 12:22, Bystrik Horvath <bystrik.horvath(a)gmail.com>
wrote:
Hi,
the question is whether is this buggy behavior or not regardless of mu use
case. I came to this behavior on slower virtual machine where the gaps
between the calls was more than 300 ms, than I realized to test it locally
on windows machine without network communication.
What could I expect then on clustered solution where I change the password
on one node and do the same on next node?
Thank you for the answer.
Best regards,
Bystrik
On Tue, Oct 25, 2016 at 3:28 PM, Bystrik Horvath <
bystrik.horvath(a)gmail.com>
wrote:
> Hi Bill and Stian,
>
> I know that this is a silly test case, but the API provides the possibity
> ;-) Anyway, I run my test from POSTMAN tool and the requests are running
in
> a sequece. I have a standalone Keycloak on my windows maschine, so it is
> not a cluster. Yes Bill, you are right, most failing is the 3rd attempt.
>
> Best regards,
> Bystrik
>
> On Tue, Oct 25, 2016 at 3:00 PM, Bill Burke <bburke(a)redhat.com> wrote:
>
>> We purge older history entries. Its based on creation date of current
>> time in milliseconds. I guess it could be possible that the update is
>> happening so fast that multiple entries have the same creation date.
>> Are you running tests in a cluster? Could also be possible that the
>> machines in your cluster don't have fully synchronized clocks.
>>
>> Does it work for the 1st 2 tries, then fail on the 3rd? Then that is
>> probably the problem you are experiencing.
>>
>>
>> On 10/25/16 7:23 AM, Bystrik Horvath wrote:
>> > Hello,
>> >
>> > I have a realm where password history was set to 3. When I try to set
>> the
>> > password for an user too fast (via REST API), I'm able to use one of
the
>> > passwords that should be recorded as not usable. When I put a small
>> sleep
>> > between the password changes (aprox. 300 ms), the usecase works fine -
>> so
>> > I'm not allowed to use any of the 3 recorded password from the
history.
>> I
>> > tested the case using 1.9.3 Final and 2.2.1 Final with same results.
>> > It looks to me like a bug, isn't it?
>> >
>> > Thank you for the answer&best regards,
>> > Bystrik
>> > _______________________________________________
>> > keycloak-user mailing list
>> > keycloak-user(a)lists.jboss.org
>> > https://lists.jboss.org/mailman/listinfo/keycloak-user
>>
>> _______________________________________________
>> keycloak-user mailing list
>> keycloak-user(a)lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>
>
>
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
2979
days inactive
2985
days old
5 comments
3 participants
participants (3)
-
Bill Burke -
Bystrik Horvath -
Stian Thorgersen