[keycloak-user] Required roles for clearing login failure counts

Gregor Tudan Gregor.Tudan at cofinpro.de
Fri Nov 27 03:53:25 EST 2015


Hi everyone,

While I totally agree that any configuration of the brute-force detection should require the realm-management role, I’d like to raise the question of whether clearing failed attempts should be that restrictive.

This affects the following service endpoints:

DELETE /admin/realms/{realm}/attack-detection/brute-force/usernames/{username}
DELETE /admin/realms/{realm}/attack-detection/brute-force/usernames

We would like to enable callcenter agents to unlock specific users, but giving them realm-management permissions doesn't feel right. Wouldn’t user-management be a more appropriate permission for these endpoints, or are there side effects to consider?

Thanks,
Gregor
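An added example (not from the thread or from Keycloak itself) of how a practitioner could test the question empirically: decode the realm-management client roles carried by an agent's access token, then call the DELETE endpoint quoted above and treat a 403 as "this role is insufficient". It assumes the built-in realm-management client roles `manage-users` and `manage-realm` as the "user-management" and "realm-management" permissions the post refers to, and 204 as the success status for the DELETE.

```python
"""Check which realm-management roles a Keycloak admin token carries and
try to clear a user's brute-force lockout with it.

Constructed for this thread; not Keycloak's own code. Role names assume the
standard realm-management client (`manage-users`, `manage-realm`)."""
import base64
import json
import urllib.error
import urllib.request

REQUIRED_FOR_CLEAR = "manage-users"   # assumption: the "user-management" role meant in the post
OVERPRIVILEGED = "manage-realm"       # assumption: the "realm-management" role meant in the post


def token_roles(access_token: str) -> set:
    """Return the realm-management client roles from a JWT payload.
    Unverified decode for local inspection only; the server validates the token."""
    payload_b64 = access_token.split(".")[1]
    payload_b64 += "=" * (-len(payload_b64) % 4)          # restore base64url padding
    claims = json.loads(base64.urlsafe_b64decode(payload_b64))
    return set(claims.get("resource_access", {})
                     .get("realm-management", {})
                     .get("roles", []))


def least_privilege_ok(access_token: str) -> bool:
    """True when the token has the role needed to clear lockouts without manage-realm."""
    roles = token_roles(access_token)
    return REQUIRED_FOR_CLEAR in roles and OVERPRIVILEGED not in roles


def clear_login_failures(base_url: str, realm: str, username: str, access_token: str) -> str:
    """DELETE /admin/realms/{realm}/attack-detection/brute-force/usernames/{username}.
    Maps the outcome to 'cleared', 'forbidden' or 'not_found' for the agent workflow."""
    url = f"{base_url}/admin/realms/{realm}/attack-detection/brute-force/usernames/{username}"
    req = urllib.request.Request(url, method="DELETE",
                                 headers={"Authorization": f"Bearer {access_token}"})
    try:
        with urllib.request.urlopen(req) as resp:
            return "cleared" if resp.status == 204 else f"unexpected_{resp.status}"
    except urllib.error.HTTPError as e:
        return {403: "forbidden", 404: "not_found"}.get(e.code, f"error_{e.code}")


def make_unsigned_token(roles) -> str:
    """Constructed, unsigned JWT so token_roles can be exercised offline (never sent anywhere)."""
    def b64(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    payload = {"resource_access": {"realm-management": {"roles": list(roles)}}}
    return f"{b64({'alg': 'none', 'typ': 'JWT'})}.{b64(payload)}."
```

Run `least_privilege_ok` against a real agent token first; if it passes but `clear_login_failures` still returns `forbidden`, the endpoint is enforcing the stricter role the post questions.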