[keycloak-user] Admin REST API Get Users (and search) returns enabled user ("enabled":true) after "Max Login Failures" exceeded

Juraj Janosik juraj.janosik77 at gmail.com
Mon Apr 11 03:12:56 EDT 2016


Jira issue for this:
https://issues.jboss.org/browse/KEYCLOAK-2796

Best Regards,
Juraj



2016-04-08 8:19 GMT+02:00 Juraj Janosik <juraj.janosik77 at gmail.com>:

> OK.
> Then in this case I can report an inconsistency in the displayed value of the
> parameter "enabled" between
> the following two admin REST API requests:
> 1. GET /admin/realms/{realm}/users/{id} => "enabled":false
>
> 2.1 GET /admin/realms/{realm}/users => "enabled":true
> 2.2 GET /admin/realms/{realm}/users?search={string} => "enabled":true
>
> And in the GUI Admin console the user is disabled after Max Login Failure attempts.
>
> Thanks.
> Juraj
>
> 2016-04-07 15:48 GMT+02:00 Stian Thorgersen <sthorger at redhat.com>:
>
>> User#enabled is only used for users that are manually disabled by an admin
>> and not for users temporarily disabled by brute force protection, so this is
>> expected behavior.
>>
>> On 7 April 2016 at 14:18, Juraj Janosik <juraj.janosik77 at gmail.com>
>> wrote:
>>
>>> Hi,
>>>
>>> is the following issue known in the community? (see description below)
>>>
>>> *Prerequisites:*
>>> 1. Keycloak 1.9.1.Final, CentOS7, Oracle12c
>>> 2. User disabled after "Max Login Failure" attempts.
>>>
>>> *Observed behavior:*
>>> 1. User displayed correctly as disabled ("enabled":false) via Get
>>> Representation of the user
>>> GET /admin/realms/{realm}/users/{id}
>>>
>>> 2. User displayed correctly as disabled ("disabled":true) via
>>> GET
>>> /admin/realms/{realm}/attack-detection/brute-force/usernames/{username}
>>>
>>> 3. User displayed incorrectly ("enabled":true) via Get users (list of
>>> all users and search)
>>> GET /admin/realms/{realm}/users
>>> GET /admin/realms/{realm}/users?search={string}
>>>
>>> Thanks a lot.
>>>
>>> Best Regards,
>>> Juraj
>>>
>>
>>
>
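
Added example, not part of the original thread and not Keycloak project code: a sketch of how a client of the admin REST API could combine the `enabled` flag from the user list with the attack-detection endpoint quoted above, so that a user locked by brute force protection is not reported as able to log in. The `get_json` callable, the realm name `demo` and all sample responses are assumptions constructed for illustration; only the `disabled` field mentioned in the thread is read from the brute-force response.

```python
import json
from urllib.parse import quote

# Constructed sample responses (not captured from a real server).
SAMPLE_USER_LIST = json.loads("""[
  {"id": "u-1", "username": "alice", "enabled": true},
  {"id": "u-2", "username": "bob", "enabled": true},
  {"id": "u-3", "username": "carol", "enabled": false}
]""")
SAMPLE_BRUTE_FORCE = {
    "alice": {"disabled": False},
    "bob": {"disabled": True},    # locked after Max Login Failures
    "carol": {"disabled": False},
}

def brute_force_path(realm, username):
    """Path of the attack-detection endpoint quoted in the thread."""
    return "/admin/realms/%s/attack-detection/brute-force/usernames/%s" % (
        quote(realm, safe=""), quote(username, safe=""))

def effective_status(users, get_json, realm):
    """Combine the list's 'enabled' flag with the brute-force status.

    get_json(path) -> dict is supplied by the caller (hypothetical helper
    that performs an authenticated GET against the admin REST API).
    """
    report = []
    for user in users:
        bf = get_json(brute_force_path(realm, user["username"]))
        locked = bool(bf.get("disabled", False))
        report.append({
            "username": user["username"],
            "enabled_flag": user["enabled"],
            "temporarily_locked": locked,
            "can_log_in": user["enabled"] and not locked,
            # Case reported in the thread: list says enabled, user is locked.
            "list_misleading": user["enabled"] and locked,
        })
    return report

def sample_get_json(path):
    """Offline stand-in for the HTTP call, backed by the constructed data."""
    return SAMPLE_BRUTE_FORCE[path.rsplit("/", 1)[-1]]

if __name__ == "__main__":
    for row in effective_status(SAMPLE_USER_LIST, sample_get_json, "demo"):
        print(row)
```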