[keycloak-user] Brute force detector extension
Eriksson Fabian
fabian.eriksson at gi-de.com
Wed Dec 21 05:24:51 EST 2016
Hi all!
We would like to have ability to configure the brute force detector so it can disable a user account after X failed attempts completely and not only lock him/her out for a period of time (setting the lockout-time to a few years is not enough). In the end we would like the admins of KeyCloak to be able to set a timed lockout-period or set a permanent one for different realms. I guess this would also require the detector to reset the failed-login-attempts count on a successful login.
Does this sound interesting and could this then be something that we could contribute with to KeyCloak?
Or is there a way to substitute the already existing brute force detector?
Thanks in advance!
Fabian Eriksson
More information about the keycloak-user
mailing list