[keycloak-user] Brute force attack questions

Alexander Chriztopher alexander.chriztopher at gmail.com
Wed Nov 26 03:45:42 EST 2014


I am trying to find a workaround in order to be able to unlock a user account. So
far I have tried to disable then enable the user account but this does not
do the trick apparently.

I have also tried to tweak the database but it looks like the lock
information is not stored in the db even though there is the table:
USERNAME_LOGIN_FAILURE. Is it normal that this table stays empty even on
login failures?

Can you think of any other good workaround?


On Tue, Nov 25, 2014 at 11:03 PM, Alexander Chriztopher <
alexander.chriztopher at gmail.com> wrote:

> Nice! Again, thank you.
>
>
>
> > On 25 Nov 2014, at 21:39, Bill Burke <bburke at redhat.com> wrote:
> >
> >
> >
> >> On 11/25/2014 3:27 PM, Alexander Chriztopher wrote:
> >> Hi Bill and thanks.
> >>
> >> Do you think we will be able to have this within a short period of time
> >> (4-6 weeks) or is it going to be planned for the long run?
> >
> > Not sure on the priority of this.  We have face to face meetings in a
> > couple of weeks to discuss priority, then of course, it's Christmas vacation.
> >
> >> When is the value of max wait used as there is already a wait increment
> >> out there?
> >
> > Correct.  It will increase the wait after each failure until the max is
> > hit.
> >
> >>
> >>
> >>> On 25 Nov 2014, at 20:05, Bill Burke <bburke at redhat.com> wrote:
> >>>
> >>>
> >>>
> >>>> On 11/25/2014 12:32 PM, Alexander Chriztopher wrote:
> >>>> Hi,
> >>>>
> >>>> I have some questions with regard to Brute Force Attack Protection:
> >>>>
> >>>> # 1 / When brute force attack protection is enabled is there a way to
> >>>> know when a user account is locked? I am thinking about the admin
> >>>> console.
> >>>>
> >>>> # 2 / When a user account is locked is there a way to unlock it from
> >>>> the admin console?
> >>>
> >>> Unfortunately no for the above.  I'll log a jira.
> >>>
> >>>> # 3 / What is the difference between wait increment (When failure
> >>>> threshold has been met, how much time should the user be locked out?)
> >>>> and max wait (Max time a user will be locked out.).
> >>>
> >>> Correct on both.
> >>>
> >>>
> >>> --
> >>> Bill Burke
> >>> JBoss, a division of Red Hat
> >>> http://bill.burkecentral.com
> >
> > --
> > Bill Burke
> > JBoss, a division of Red Hat
> > http://bill.burkecentral.com
>