[keycloak-user] Admin REST API Get Users (and search) returns enabled user ("enabled":true) after "Max Login Failures" exceeded
Stian Thorgersen
sthorger at redhat.com
Thu Apr 7 09:48:39 EDT 2016
User#enabled is only used for users that are manually disabled by admin and
not for user temporarily disabled by brute force protection, so this is
expected behavior.
On 7 April 2016 at 14:18, Juraj Janosik <juraj.janosik77 at gmail.com> wrote:
> Hi,
>
> is the following issue known in the community? (see description below)
>
> *Prerequisities:*
> 1. Keycloak 1.9.1.Final, CentOS7, Oracle12c
> 2. User disabled after "Max Login Failure" attempts.
>
> *Observed behavior:*
> 1. User displayed correctly as disabled ("enabled":false) via Get
> Representation of the user
> GET /admin/realms/{realm}/users/{id}
>
> 2. User displayed correctly as disabled ("disabled":true) via
> GET /admin/realms/{realm}/attack-detection/brute-force/usernames/{username}
>
> 3. User displayed not correctly ("enabled":true) via Get users (list of
> all users and search)
> GET /admin/realms/{realm}/users
> GET /admin/realms/{realm}/users?search={string}
>
> Thanks a lot.
>
> Best Regards,
> Juraj
>
>
>
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20160407/cb1fad4f/attachment.html
More information about the keycloak-user
mailing list