[keycloak-dev] Features wishlist

Adrian Mitev adrian.mitev at gmail.com
Fri Mar 28 06:58:08 EDT 2014


Should I add these in JIRA as feature requests?

On Thu, Mar 20, 2014 at 3:47 PM, Adrian Mitev <adrian.mitev at gmail.com> wrote:

>
> On Thu, Mar 20, 2014 at 3:22 PM, Bill Burke <bburke at redhat.com> wrote:
>
>>
>>
>> On 3/20/2014 6:47 AM, Adrian Mitev wrote:
>> > Hi guys! I'm very interested in Keycloak and would like to share with
>> > you some ideas that come from user requirements I currently have or had
>> > in the past that you may find useful to add in Keycloak.
>> > * Automatically revoke access to user account after a (configurable)
>> > number of invalid sign-on passwords until the system administrator has
>> > unlocked the account or automatically after an administrator-defined
>> > interval - I know that with such a feature an attacker could lock user
>> > accounts by simply knowing usernames/emails. However I have a case of an
>> > Intranet application that is accessible only inside the company and
>> > could trace such attackers by their IP addresses.
>>
>> Working on Brute force detection now.  First iteration will increasingly
>> add a "not before" time on successive login failures.  Second iteration
>> will include IP address options.
>>
>> > * Record and report (i.e. email sending) on failed login attempts outlining
>> > * Force password changes at regular (configurable) intervals or
>> > * Automatically reset the password and send a new one to the user via email
>> > * Can ensure that the new password has not been used before in a number
>> > (configurable) of password changes
>> > * Login using digital signature in a smart card or p12 file
>>
>> Is this something different than OTP?
>>
> A customer company has a policy that a password for user account should be
> changed every week. This counts for special type of users that access more
> sensitive information.
>
>
>>
>> > * Security questions for password recovery
>> >
>> > Others that I found as issues in other Identity Providers
>> > * Support many accounts (~10K) within a reasonable amount of time
>> > * When providing an authentication client (maven dependency) add only
>> > the needed set of dependencies. I know this sounds silly but I have
>> > experience with a client library provided by the Identity Provider that
>> > had a compile dependency to apache ant...
>> >
>>
>> So far our adapters are installed once onto the app server.
>>
>> --
>> Bill Burke
>> JBoss, a division of Red Hat
>> http://bill.burkecentral.com
>> _______________________________________________
>> keycloak-dev mailing list
>> keycloak-dev at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>>
>
>
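Bill's "not before" escalation on successive login failures, as an added example written for this thread (not Keycloak's implementation; the class, its parameters and the user names are constructed for illustration):

```python
from dataclasses import dataclass, field

@dataclass
class BruteForceTracker:
    """Per-user failure tracking with an escalating 'not before' time (hypothetical
    illustration, not Keycloak's code). After `failure_threshold` failures each
    further failure doubles the wait before the next attempt, capped at `max_wait`."""
    failure_threshold: int = 3     # failures tolerated before any wait applies
    base_wait: float = 30.0        # wait (s) imposed by the first excess failure
    max_wait: float = 900.0        # cap, so knowing a username cannot lock it out for good
    reset_after: float = 3600.0    # a failure this long after the last one starts a fresh count
    _failures: dict = field(default_factory=dict, init=False)    # user -> (count, last_ts)
    _not_before: dict = field(default_factory=dict, init=False)  # user -> earliest accepted ts

    def wait_seconds(self, user: str, now: float) -> float:
        """Seconds until `user` may try again; 0.0 if not currently held off."""
        return max(0.0, self._not_before.get(user, 0.0) - now)

    def is_blocked(self, user: str, now: float) -> bool:
        return self.wait_seconds(user, now) > 0.0

    def record_failure(self, user: str, now: float) -> float:
        """Count a failed login and return the wait it now imposes (0.0 below threshold)."""
        count, last = self._failures.get(user, (0, now))
        if now - last > self.reset_after:
            count = 0  # stale history: an old, unrelated burst of typos is forgotten
        count += 1
        self._failures[user] = (count, now)
        excess = count - self.failure_threshold
        if excess > 0:
            self._not_before[user] = now + min(self.base_wait * 2 ** (excess - 1), self.max_wait)
        return self.wait_seconds(user, now)

    def record_success(self, user: str) -> None:
        """A successful login clears both the counter and any pending hold."""
        self._failures.pop(user, None)
        self._not_before.pop(user, None)

    def attempt(self, user: str, password_ok: bool, now: float) -> str:
        """Outcome of one login attempt: 'blocked', 'failed' or 'ok'."""
        # A held-off account is refused before the credential is checked at all,
        # so the response does not reveal whether the password would have matched.
        if self.is_blocked(user, now):
            return "blocked"
        if password_ok:
            self.record_success(user)
            return "ok"
        self.record_failure(user, now)
        return "failed"
```

Timestamps are plain seconds supplied by the caller, so the policy can be unit-tested without a real clock; a server would pass `time.time()`.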